The ultimate in Windows™ physical memory and automated malware analysis all integrated into one application for ease of use, streamlined workflow, and rapid results. The Professional platform is designed for Incident Responders, Malware Analysts, and Computer Forensic Investigators who require rapid results. Responder Professional provides powerful memory forensics and malware identification with Digital DNA™. Malware analysis includes automated code disassembly, behavioral profiling reporting, pattern searching, code labeling, and control flow graphing. This is a huge step forward for the information security and computer forensic communities. Finally, these long-awaited capabilities are available to complement enterprise security best practices in the areas of host intrusion detection, computer forensics and security assessments,
Read the Responder Professional Datasheet
FDPro is included with Responder™ Professional and is the industry’s most complete memory acquisition software utility designed to preserve Windows™ physical memory for information security and computer forensic purposes. FDPro™ supports all versions of Windows™ operating systems and service packs, 32 and 64 bit, including systems with more than 4 gigs of RAM. FDPro also supports acquisition of the Windows™ Pagefile following the acquisition of RAM and other useful tricks for a more thorough memory investigation.
Lots of information can be found in memory, malware, chat sessions, registry keys, encryption keys, socket information and more. Responder™ Professional provides an easy to use GUI that allows you rapid recovery of this type of information. The GUI is designed to support investigation workflow NO DIFFICULT COMMAND LINE interface. Responder allows every investigator to be successful with minimal effort. Types of information found in memory:
- Operating System Information
- Running processes
- Open files
- Network connections and listening ports
- Open registry keys per process
- Interrupt Descriptor Table
- System Service Descriptor Table
- Application information
- Passwords in clear text
- Unencrypted data
- Instant messenger chat sessions
- Document data
- Web based email
- Outlook email
- Malware Detection
- Keystroke logging
- Rootkits & Trojans
Malware Detection with Digital DNA™
Digital DNA is a revolutionary technology to detect advanced computer security threats within physical memory without relying on the Windows operating system which cannot be trusted. All executable code residing in memory are scanned and ranked by level of severity based upon programmed behaviors. The Digital DNA Sequence appears as a series of Trait codes when concatenated together describe the behaviors of each software module. Observed behavioral Traits are matched against HBGary’s “Malware Genome” database to classify digital objects as good, bad or neutral. Rules and weighting are applied to compute the overall Severity score. Users can see the underlying Trait descriptions to gain fast insight into software behaviors.
Read the Digital DNA Datasheet
Automated Malware Analysis
More computer crimes are involving malware as a method of gaining access to confidential information. The new face of malware is designed to never touch the disk and reside only in memory. Important delivery information, rootkit behavior and malware not detected by AV can be easily found using Professional. The Malware analysis module automatically generates a malware analysis report that provides a high level overview of each binary’s possible capabilities broken out into 6 different factors.
- Installation and Deployment Factors
- Communication Factors
- Information Security Factors
- Defensive Factors
- Development Factors
- Command and Control Factors
Malware Reverse Engineering
Designed to augment automated malware analysis. Sometimes the automated malware analysis will not provide the granular insight required for sophisticated understanding of code. HBGary includes these easy to use features as a means of getting more information visually. Control Flow Graphing provides rapid understanding of complex code executions path, code loops and calls. Pro includes many of the features found in IDA and Ollydbg such as labeling and code view.
A flexible reporting module is built in for ease of use so you can quickly deliver the information in a succinct manner to attorneys, management or clients. Can export out to CVS, PDF, RTF and other industry standards.
Responder Pro screenshot
Tree view and all processes view
Exfiltration routine and file types
Command line closeup
Request Evaluation Software