HBGary Releases Windows Memory Investigation/Malware Analysis Platform

HBGary Responder Professional 1.3 allows security professionals, malware analysts and forensic investigators to more effectively and efficiently detect, diagnose and investigate computer crimes on live Windows computer systems… HBGary Responder Professional 1.3 fulfills many of the rigorous requirements of top computer incident responders, computer forensic investigators and malware analysts. Responder Professional 1.3 supports acquisition and analysis of physical memory (RAM) on all Windows ® Operating Systems starting with Windows ® 2000 through Windows ® 2008 Server, including all service packs, both 32- and 64-bit (PAE and non-PAE). This is a huge step forward for the information security and computer forensic communities. Finally, these long-awaited capabilities are available to complement enterprise security best practices in the areas of host intrusion detection, computer forensics and security assessments.

With HBGary Responder Professional 1.3, incident responders, forensic investigators, and malware analysts now have access to a wealth of runtime data that allows them to more accurately assess and investigate live Windows computer systems. “Our customers tell us that visibility into computer RAM is the only way they detect some of the latest malicious code found on their networks,” said Rich Cummings, CTO of HBGary. “The network monitoring team sees traffic coming from compromised hosts, but cannot identify the malicious code on the machine using antivirus scanning technology.”

Growing incidence of malware in memory
Organized crime, foreign governments, disgruntled employees and other adversaries are contributing to a $100 billion shadow economy of stolen information. In the past, malware was written by kids looking to enhance their reputation. Today much of the malware is written by professionals who develop military-grade exploits and malicious code that easily evade existing host security solutions. These advanced coding tricks allow them to exploit confidential information and computer assets at will. This rapidly developing problem is one of the driving forces behind the need for better malicious code detection, diagnosis, and response.

Just finding the malicious code and sending a copy to your antivirus vendor of choice for a signature is not enough anymore. Today organizations want answers fast. They want to know how to detect the malicious code, but also want to know what information is being stolen. Where is their data being sent? How does the malware propagate itself? How does it communicate? Does it use encryption? Is it stealing passwords and logging keystrokes? This kind of intelligence becomes critical when your most sensitive data is under attack.

“Our customers recognize there are gaps in current malware detection and analysis capabilities and are looking to physical memory analysis to answer some hard questions previously not addressed by other security software,” said Cummings. “With cybercrime at an all-time high, these capabilities are changing from ‘nice to have’ to ‘need to have’ for information security professionals and computer forensic investigators. You never know what digital artifact will provide the evidence needed to solve a cybercrime and point you to the smoking gun. If you’re not incorporating offline memory analysis capabilities into your best practices, then you just don’t know what you’re missing.”



HBGary Responder Professional 1.3: What’s New?
· Full Analysis Support for all 32- & 64-bit Windows Operating Systems
    o Windows ® 2000 – 2008 Server
    o PAE & Non-PAE
    o All service packs
· Full Unicode Searching and Reporting
    o Logical and physical across the entire memory image
    o Per process, module or driver
    o Virtual Address Descriptor (VAD) Tree
· Supports analyzing memory snapshots that are larger than 4GB
· Identifies code installed using the Reflective DLL injection technique
· Search and Report on data per process in the Memory Heap and Stack
· Enhanced Malware Analysis Plug-in (MAP)
    o The MAP plug-in automatically generates a malware analysis report that provides a high-level overview of each binary’s possible capabilities, broken out into 6 different factors:
        1. Installation and Deployment Factors
        2. Communication Factors
        3. Information Security Factors
        4. Defensive Factors
        5. Development Factors
        6. Command and Control Factors
· FastDump Pro – with support for imaging physical memory on all 32- and 64-bit Windows ® Operating Systems (Windows ® 2000 – 2008 Server)
    o Includes systems with more than 4GB of RAM
· Added analysis support for VMware ESX memory image files (.vmsn extension)

Pricing and Availability

HBGary Responder Professional 1.3 list price is $9000.00 and is available now.

HBGary Responder Field Edition 1.3 list price is normally $3000.00 but discounted to $2000.00 until March 31, 2009. To purchase HBGary Responder 1.3 or get additional information, please visit www.hbgary.com or contact [email protected]

About HBGary, Inc.

HBGary, Inc. was founded in 2003 by renowned security expert Greg Hoglund. Mr. Hoglund and his team are internationally known experts in the field of Windows internals, software reverse engineering, bug identification, rootkit techniques and countermeasures. Today HBGary specializes in developing advanced computer analysis solutions for Information Assurance (IA) analysts, Computer Emergency Response Teams (CERTs), and Computer Forensic Investigators to detect, diagnose, and respond to computer intrusions and other cyber crime activities. The company is headquartered in Sacramento with sales offices in the Washington D.C. area. HBGary is privately held. For more information on the company, please visit: http://www.hbgary.com.

For More Information:

Contact: Karen Burke

650-814-3764

[email protected]
