HBGary Releases Windows Memory Investigation/Malware Analysis Platform

HBGary Responder Professional 1.3 allows security professionals, malware analysts and forensic investigators to more effectively and efficiently detect, diagnose and investigate computer crimes on live Windows computer systems…HBGary Responder Professional 1.3 fulfills many of the rigorous requirements that top computer incident responders, computer forensic investigators and malware analysts require. Responder Professional 1.3 supports acquisition and analysis of physical memory (RAM) on all Windows® operating systems starting with Windows® 2000 through Windows® 2008 Server, including all service packs, both 32- and 64-bit (PAE and non-PAE). This is a huge step forward for the information security and computer forensic communities. Finally, these long-awaited capabilities are available to complement enterprise security best practices in the areas of host intrusion detection, computer forensics and security assessments.

With HBGary Responder Professional 1.3, incident responders, forensic investigators, and malware analysts now have access to a wealth of runtime data that allows them to more accurately assess and investigate live Windows computer systems. “Our customers tell us that visibility into computer RAM is the only way they detect some of the latest malicious code found on their networks,” said Rich Cummings, CTO of HBGary. “The network monitoring team sees traffic coming from compromised hosts, but cannot identify the malicious code on the machine using antivirus scanning technology.”

Growing incidence of malware in memory
Organized crime, foreign governments, disgruntled employees and other adversaries are contributing to a $100 billion shadow economy of stolen information. In the past, malware was written by kids looking to enhance their reputation. Today, much of the malware is written by professionals who develop military-grade exploits and malicious code that easily evade existing host security solutions. These advanced coding tricks allow them to exploit confidential information and computer assets at will. This rapidly developing problem is one of the driving forces behind the need for better malicious code detection, diagnosis, and response.

Just finding the malicious code and sending a copy to your antivirus vendor of choice for a signature is not enough anymore. Today organizations want answers fast. They want to know how to detect the malicious code, but also want to know what information is being stolen. Where is their data being sent? How does the malware propagate itself? How does it communicate? Does it use encryption? Is it stealing passwords and logging keystrokes? This kind of intelligence becomes critical when your most sensitive data is under attack.

“Our customers recognize there are gaps in current malware detection and analysis capabilities and are looking to physical memory analysis to answer some hard questions previously not addressed by other security software,” said Cummings. “With cybercrime at an all-time high, these capabilities are changing from ‘nice to have’ to ‘need to have’ for information security professionals and computer forensic investigators. You never know what digital artifact will provide the evidence needed to solve a cybercrime and point you to the smoking gun. If you’re not incorporating offline memory analysis capabilities into your best practices, then you just don’t know what you’re missing.”

HBGary Responder Professional 1.3: What’s New?
· Full Analysis Support for all 32- & 64-bit Windows Operating Systems
  o Windows® 2000 – 2008 Server
  o PAE & Non-PAE
  o All service packs
· Full Unicode Searching and Reporting
  o Logical and physical across the entire memory image
  o Per process, module or driver
  o Virtual Address Descriptor (VAD) Tree
· Supports analyzing memory snapshots that are larger than 4GB
· Identifies code installed using the Reflective DLL injection technique
· Search and Report on data per process in the Memory Heap and Stack
· Enhanced Malware Analysis Plug-in (MAP)
  o The MAP plug-in automatically generates a malware analysis report that provides a high-level overview of each binary’s possible capabilities, broken out into 6 different factors:
    1. Installation and Deployment Factors
    2. Communication Factors
    3. Information Security Factors
    4. Defensive Factors
    5. Development Factors
    6. Command and Control Factors
· FastDump Pro – with support for imaging physical memory on all 32- and 64-bit Windows® Operating Systems, Windows® 2000 – 2008 Server
  o Includes systems with more than 4GB of RAM
· Added analysis support for VMware ESX memory image files (.vmsn extension)

Pricing and Availability

HBGary Responder Professional 1.3 list price is $9000.00 and is available now.

HBGary Responder Field Edition 1.3 list price is normally $3000.00 but discounted to $2000.00 until March 31, 2009. To purchase HBGary Responder 1.3 or get additional information, please visit www.hbgary.com or contact sales@hbgary.com.

About HBGary, Inc.

HBGary, Inc. was founded in 2003 by renowned security expert Greg Hoglund. Mr. Hoglund and his team are internationally known experts in the field of Windows internals, software reverse engineering, bug identification, rootkit techniques and countermeasures. Today HBGary specializes in developing advanced computer analysis solutions for Information Assurance (IA) analysts, Computer Emergency Response Teams (CERTs), and Computer Forensic Investigators to detect, diagnose, and respond to computer intrusions and other cyber crime activities. The company is headquartered in Sacramento with sales offices in the Washington D.C. area. HBGary is privately held. For more information on the company, please visit: http://www.hbgary.com.

For More Information:

Contact: Karen Burke

650-814-3764

karenmaryburke@yahoo.com