HBGary Unveils Responder™ Community Edition

New Version of De Facto Industry Standard for Physical Memory Analysis Now Available As Free Tool

CEIC 2011 Conference, Orlando, FL - May 17th, 2011 - HBGary, Inc., (http:// www.hbgary.com) today introduced Responder™ Community Edition, a new, free version of its flagship Responder™ product, the de facto industry standard for physical memory analysis, an essential part of any digital investigation.

Limited copies of this new free tool are available on CD at HBGary booth #201 at the Computer and Enterprise Investigations Conference (CEIC) 2011. HBGary is a Platinum sponsor for the event.

Critical digital evidence of today's malware and other advanced targeted attacks can be found in physical memory: user names and passwords, encryption keys, instant messenger chat sessions, unencrypted data, open documents and emails, encryption keys, hidden code like rootkits, and registry information. All this data can help provide contextual threat intelligence about a criminal's activity on the computer.

"When we first introduced Responder™ several years ago, memory forensics tools were primarily used by early adopters such as government and law enforcement agencies. Today most industries and corporations, large and small, want the same in-depth, threat intelligence to protect their organizations. Built on the same comprehensive and complete live Windows® memory investigation platform as our other two Responder™ products, Responder™ Pro and Responder™ Field Edition, Responder™ Community Edition offers a new, cost-effective way to gather this critical intelligence found only in computer memory," said Greg Hoglund, CEO of HBGary, Inc.

About Responder™ Community Edition

Like its sister products, Responder™ Community Edition provides the most thorough and comprehensive memory analysis capability in the industry. Responder™ Community Edition virtually rebuilds all the underlying data structures up to 6 gigabytes of RAM. This includes all physical to virtual address mappings, recreates the object manager, exposes all objects, and enables investigators to perform a complete and comprehensive computer investigation.

About the Responder™ Windows® Memory Investigation Platform

The HBGary Responder™ platform is designed to perform a comprehensive and complete live Windows memory investigation. Responder allows analysts and investigators to easily preserve the entire contents of live memory and the Pagefile on Windows operating systems in a forensically sound manner. Responder then analyzes and diagnoses the memory image to reveal operating system, user, and application information critical to computer investigations. Harvested information includes both kernel and user-mode objects, structures, binaries, and other useful artifacts. When malicious or suspect applications, drivers, and other executables are found Responder can seamlessly extract the file(s) from the memory image retaining portable executable (PE) structure so they can be further diagnosed, executed, and monitored in their unpacked state.

This methodology allows Responder to defeat many packers and other obfuscation techniques used by malware writers.

Analysts requiring even deeper understanding of malware or suspicious applications can perform binary and runtime forensic analysis with run trace, data flow tracing, and debugging capabilities.

Availability

Responder™ Community Edition is available now for download by registered HBGary users. If you already have an HBGary Support account, you can log in at support.hbgary.com and download the product from the Product Downloads page. If you are not already a registered HBGary user, please visit http://www.hbgary.com/request- account.

To learn more about our commercial Responder solutions, Responder Pro and Responder Field Edition, please visit http://www.hbgary.com/products. For more information on HBGary's community free tools please visit http://www.hbgary.com/free-tools.

About HBGary, Inc.

HBGary, Inc. was founded in 2003 to counter advanced cyber threats and to develop products for incident response and malware reverse engineering. HBGary has an expert history dealing with advanced malware, rootkits, zero-day exploitation, and advanced targeted threats such as APT. Current customers include Fortune 500 financial, pharmaceutical and entertainment companies as well as the Department of Defense, Intelligence Community and other U.S. government agencies. HBGary is headquartered in Sacramento and has offices in Washington D.C. For more information on HBGary, please visit http://www.hbgary.com.