HBGary and Skout Forensics Announce OEM Agreement

HBGary, Inc. and Skout Forensics have announced the signing of an OEM agreement. Under the agreement, Skout Forensics will integrate HBGary’s Windows memory acquisition tool FDPro™ into the company’s patent-pending flagship product, the Skout Forensics Data Collection and Preservation Kit, a solution that provides thorough data acquisitions without the need for a forensic expert, while maintaining the forensic integrity of the data…

“We are committed to offering our customers the best tools for capturing forensics data. With today’s malware threats increasingly found in physical memory, it was important that we offer the latest technology to address this critical security issue. We selected FDPro™ because it is far superior to any other memory acquisition tool available in the market today. Skout Forensics is excited to announce this partnership with HBGary,” said Skout Forensics cofounder Chris Coulter.

“Today’s global organizations understand that capturing and analyzing malware in memory is vital to protecting their networks from APT and other threats. HBGary is proud to partner with Skout Forensics and looks forward to helping Skout Forensics deliver this memory acquisition capability to its customers,” said HBGary President Penny Leavy.

About FDPro™
FDPro™ is the commercially supported version of Fastdump. Fastdump is the industry’s most forensically sound Windows™ memory acquisition tool. Fastdump has a memory footprint that is far smaller than that of other tools such as Helix/DD, so the acquisition itself overwrites less of the memory being preserved. All required code is statically linked, so no additional DLLs are loaded from the target system. The final executable size is only 80K.

FDPro™ supports all versions of Windows™ operating systems and service packs (2000, XP, 2003, Vista, 2008 Server), 32 and 64 bit, including systems with more than 4 GB of RAM (up to 64 GB of RAM). FDPro™ supports acquisition of the Windows™ pagefile alongside the acquisition of RAM. FDPro™ also supports a variety of memory probing features that can assist with malware analysis.

About Skout Forensics
Skout Forensics is a privately held pioneering developer of streamlined digital forensic solutions. The company’s products and solutions enable its customers to apply digital forensic best practices in a manner that is affordable, simple to use and easy to scale. The Skout Forensics management team consists of seasoned professionals with over 40 years of combined industry and legal experience. For additional information please visit http://www.skoutforensics.com.

About HBGary, Inc.
HBGary, Inc. was founded in 2004 by renowned security expert Greg Hoglund. HBGary is focused on delivering best-in-class threat detection solutions to Fortune 500 financial, pharmaceutical and entertainment companies, as well as to the Department of Defense, the Intelligence Community and other U.S. government agencies, to meet their unique cybersecurity challenges and requirements. HBGary is headquartered in Sacramento and has offices in Washington, D.C. For more information on HBGary, please visit http://www.hbgary.com.

For More Information:
Karen Burke
HBGary, Inc.
650-814-3764
