SOFTWARE SOLUTIONS

Rootkit Detection

The harder a rootkit tries to hide, the easier it is to identify it. Changes made to the operating system are often invalid and easy to spot. For a rootkit to operate, it must exist in memory. Attempts to mask memory only make the memory stand out more. By not relying on the subverted operating system for information, Responder bypasses all of the rootkit's defenses.

Incident Response

Having physical memory is like having a hidden camera in the corner of a crime scene. It answers all of the unanswered questions: who did what and in what order. All the live activity on a computer is stored in memory. Live memory is a treasure trove of events, keystrokes, open files, network packets, screenshots and software functions. This volatile data is the key to understanding runtime configuration, user actions and software capabilities and behaviors. Responder doesn't just identify if malware is present, it identifies what it was doing.

Malware Reverse Engineering

Each and every cyber espionage case could easily be misconstrued as a traditional "virus" outbreak. Why should you reverse engineer binaries for Information Security or Computer Forensic purposes? The answer is very simple: when you come across unknown executables, drivers, and modules on workstations and servers during routine security assessments or investigations, you need to be able to identify the software's true capabilities and intent. You need to rapidly determine if the software is malicious or whether it has the functionality necessary to prove the "Trojan Defense". You can no longer rely on your antivirus and antispyware companies alone to help you keep a clean and trusted network.

Computer Forensics

Computer Forensic investigators worldwide have been asking for live memory preservation and analysis capabilities for years. These cybercops have known about the valuable information contained in memory but until now have not had an easy way to analyze and parse the low-level undocumented data structures contained therein.
VISIT US AT: August 2nd-7th in Las Vegas, NV