Fantastic video! Looking forward to additional malware analysis videos!
Great overview, thanks for your effort!
Actually, not just malware; it's also interesting to see what my own software is doing. I know what it's supposed to be doing, but it's always nice to make sure the actions reflect the intended workflow, especially when it comes to race conditions in multi-threaded applications. Good video, nice tool.
Yes, in fact we use this for troubleshooting often.
Excellent and amazing tutorial guy!
Please do an additional video with ProcDOT on a beaconing malware.
I hate looking at ProcDOT graph. It's overwhelming. Great videos by the way, this reduces my hate on ProcDOT 😂
Thanks for the efforts.
Thanks for sharing useful knowledge. Would it be possible for you to share how to set up Cuckoo step by step? Thank you in advance.
I agree with Peter Pann, and I also want to thank you so much.
I'll try this right now! Procmon (for files, registry and processor dumps) + Wireshark (for internet dumps) + ProcDOT (for visualizing) looks amazing!
I was starting to go crazy and wanted to download Cuckoo Sandbox to check how and why some errors spawn in our office apps or just in W10 in general :) but some of our errors can't be reproduced. I'm so stoked lol! Thx again for this.
Update to myself: Tried it and it's indeed awesome.
But don't try it with a ransomware (on a virtual machine of course).
Never ended with the graph due to all the files getting encrypted seen in procmon... :)
Thanks again
Thanks so much.
I'd love to see this work for volatility captured network and process data. It may exist, but you don't know what you don't know.
I followed all the instructions and no matter what I do, I always get: "Procmon has an unknown format!" How do I solve this?
This is actually mentioned here: www.procdot.com/faqs.htm. Refer to readme.txt and re-check your procmon config. I bet it's something really small that needs to be changed.
It would be better if you showed something for Linux.
Still enjoyed it...
It's coming. I plan to cover some Linux forensics-related topics in upcoming episodes.
@13Cubed thanks bruh...