Difference between pages "Second Look" and "User talk:Frank Griffitts"

From Forensics Wiki
(Difference between pages)
 
m (Welcome!)
 
Line 1: Line 1:
{{Infobox_Software |
+
'''Welcome to ''Forensics Wiki''!'''
  name = Second Look |
+
We hope you will contribute much and well.
  maintainer = [[Raytheon Pikewerks Corporation]] |
+
You will probably want to read the [[Help:Contents|help pages]].
  os = {{Linux}} |
+
Again, welcome and have fun! [[User:.FUF|.FUF]] 23:46, 9 December 2011 (PST)
  genre = {{Memory analysis}} |
+
  license = commercial |
+
  website = [http://secondlookforensics.com/ secondlookforensics.com/] |
+
}}
+
 
+
[[File:second_look_logo.png]]
+
 
+
The Incident Response edition of '''Second Look®: Linux Memory Forensics''' is designed for use by investigators who need quick, easy, and effective Linux memory acquisition and analysis capabilities.
+
Second Look® is a product of [[Raytheon Pikewerks Corporation]].
+
 
+
== Memory Acquisition ==
+
Second Look® preserves the volatile system state, capturing evidence and information that does not exist on disk and may otherwise be lost as an investigation proceeds.  A command-line script allows for acquisition of memory from running systems without introducing any additional software.  A memory access driver is provided for use on systems without a native interface to physical memory.
+
 
+
== Memory Analysis ==
+
Second Look® interprets live system memory or captured memory images, detecting and reverse engineering malware, including stealthy kernel rootkits and backdoors.  A kernel integrity verification approach is utilized to compare the Linux kernel in memory with a reference kernel.  Pikewerks provides thousands of reference kernels derived from original distribution kernel packages, and a script for creating reference kernels for other systems, such as those running custom kernels.
+
 
+
Second Look® also applies an integrity verification approach for the analysis of each process in memory.  This enables it to detect unauthorized applications as well as stealthy user-level malware.
+
 
+
== Supported Systems ==
+
Second Look® is regularly updated to support analysis of the latest kernels and the most commonly used Linux distributions.  The following are its capabilities as of April 2012:
+
* Supported target kernels: 2.6.x, 3.x up to 3.2
+
* Supported target architectures: x86 32- and 64-bit
+
* Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more!
+
 
+
== External Links ==
+
* [http://secondlookforensics.com Second Look®]
+
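Review bot: In the "Supported Systems" list, the distributions item ends with "and more!", which leaves an examiner unable to tell whether a given target is covered, even though the section dates its claims "as of April 2012". Since the analysis described under "Memory Analysis" depends on having a reference kernel for the target, suggest replacing "and more!" with the full list of distributions, or with a pointer to where the current list is kept, and stating that other systems need a reference kernel built with the provided script.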

Latest revision as of 02:46, 10 December 2011

Welcome to Forensics Wiki! We hope you will contribute much and well. You will probably want to read the help pages. Again, welcome and have fun! .FUF 23:46, 9 December 2011 (PST)