Difference between pages "Research Topics" and "HBGary Responder Professional"

From ForensicsWiki

Research Topics

; Research Ideas

Interested in doing research in computer forensics? Looking for a master's topic, or just some ideas for a research paper? Here is my list. Please feel free to add your own ideas.

==Disk Forensics==
===Stream Forensics===
Process the entire disk with one pass, or at most two, to minimize seek time.

===Evidence Falsification===
Automatically detect falsified digital evidence.

===Sanitization===
Detect and diagnose sanitization attempts.

===[[AFF]] Enhancement===
* Replace the AFF "BADFLAG" approach for indicating bad data with a bad sector bitmap.
* Modify aimage so that it can take a partial disk image and a disk and just image what's missing.
* Improve the data recovery features of aimage.
* Replace AFF's current table-of-contents system with one based on B+ Trees.

==Carving==
===JPEG Validator===
Create a JPEG decompressor that supports restarts and checkpointing for use in high-speed carving.
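As an added illustration of the restart and checkpointing idea (example code written for this page, not part of the wiki or of any carving tool), here is a marker-level JPEG structure checker whose parser state is an explicit, resumable checkpoint: it recognises restart markers (RST0-RST7) and stuffed bytes inside entropy-coded data, stops with 'more' when the buffer ends mid-structure, and continues from the same checkpoint when more bytes arrive. It checks marker structure only, not the compressed image data, and the sample bytes are a constructed skeleton rather than a real image.

```python
from dataclasses import dataclass

@dataclass
class Checkpoint:
    offset: int = 0        # absolute offset of the next byte to examine
    in_scan: bool = False  # inside entropy-coded data following an SOS segment
    scans: int = 0         # SOS segments seen so far

def step(buf: bytes, cp: Checkpoint) -> str:
    """Advance cp over buf (all bytes seen so far); return 'ok', 'bad' or 'more'."""
    n = len(buf)
    if cp.offset == 0:
        if n < 2: return 'more'
        if buf[:2] != b'\xff\xd8': return 'bad'   # must start with SOI
        cp.offset = 2
    while True:
        if cp.offset >= n: return 'more'   # resume later with a longer buffer
        if cp.in_scan:
            # FF00 is a stuffed byte, FFD0-D7 a restart marker; any other marker
            # ends the entropy-coded data and is parsed as a segment header.
            i = buf.find(b'\xff', cp.offset)
            if i < 0 or i + 1 >= n:
                cp.offset = n if i < 0 else i
                return 'more'
            m = buf[i + 1]
            if m == 0x00 or 0xD0 <= m <= 0xD7 or m == 0xFF:
                cp.offset = i + (1 if m == 0xFF else 2)
                continue
            cp.in_scan, cp.offset = False, i
        if buf[cp.offset] != 0xFF: return 'bad'
        while cp.offset + 1 < n and buf[cp.offset + 1] == 0xFF:
            cp.offset += 1                 # skip fill bytes before a marker
        if cp.offset + 1 >= n: return 'more'
        m = buf[cp.offset + 1]
        if m == 0xD9:                      # EOI: valid only after a scan
            cp.offset += 2
            return 'ok' if cp.scans else 'bad'
        if cp.offset + 4 > n: return 'more'
        length = int.from_bytes(buf[cp.offset + 2:cp.offset + 4], 'big')
        if length < 2: return 'bad'        # length counts its own two bytes
        if m == 0xDA:                      # SOS: entropy-coded data follows
            cp.scans += 1
            cp.in_scan = True
        cp.offset += 2 + length            # skip marker, length field and payload

# Constructed sample: a valid JPEG skeleton (SOI, APP0, SOF0, SOS, entropy data
# with a stuffed FF00 and an RST0 marker, EOI). It is not a decodable image.
SAMPLE = (b'\xff\xd8'
          b'\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00'
          b'\xff\xc0\x00\x0b\x08\x00\x08\x00\x08\x01\x01\x11\x00'
          b'\xff\xda\x00\x08\x01\x01\x00\x00\x3f\x00'
          b'\x12\x34\xff\x00\x56\xff\xd0\x78\x9a\xff\xd9')
```

A carver can call step() on a growing buffer and keep the Checkpoint between calls; a 'more' result means the candidate is still structurally plausible, 'bad' lets it abandon the candidate early, and 'ok' marks the end offset of the file.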
==Cell Phone Exploitation==
===Imaging===
Develop a tool for imaging the contents of a cell phone memory.

===Interpretation===
* Develop a tool for reassembling information in a cell phone memory.

==Corpora Development==
===Realistic Disk Corpora===
There is a need for realistic corpora that can be freely redistributed but do not contain any confidential personally identifiable information (PII).

These disk images may be either of an external drive or of a system boot drive. The drive images should have signs of ''wear'' --- that is, they should have resident files, deleted files, partially overwritten files, contiguous files, and fragmented files.

===Realistic Network Traffic===
Generating realistic network traffic requires constructing a test network and either recording interactions within the network or with an external network.

HBGary Responder Professional (revision as of 15:27, 12 October 2009)

Logo.jpg

Responder™ Professional is a leader in Windows™ physical memory and automated malware analysis. It is an application that is known for its ease of use, streamlined workflow, and rapid results. The Professional platform is designed for Incident Responders, Malware Analysts, and Computer Forensic Investigators who demand the very best. Responder Professional provides powerful memory forensics, malware detection, and software behavioral identification with Digital DNA™.


Memory Preservation

FDPro is included with Responder™ Professional. FDPro is the most complete memory acquisition software in the industry. FDPro is the only application that can preserve Windows™ physical memory and Pagefile for information security and computer forensic purposes.


Memory Analysis

Critical computer artifacts are found only in live memory. Responder makes it easy to uncover, identify, and report on critical information with an easy-to-use, intuitive GUI designed to support the investigation workflow.

Memory analysis.jpg


Malware Detection with Digital DNA™

Digital DNA is a revolutionary technology designed to detect advanced computer security threats within physical memory. All memory is analyzed offline as a file; there is no active code to thwart analysis. Digital DNA does not rely on the Windows operating system since the host is assumed to be compromised and thus not trusted. All executable code in memory is scanned, scored, and ranked by level of severity based upon programmed software behaviors.

Ddna image.jpg


Automated Malware Analysis

More computer crimes involve malware as a method of gaining access to confidential information. The new face of malware is designed to never touch the disk and to reside only in memory. Important delivery information, rootkit behaviors and malware not detected by AV can be easily found using Professional.

Automated analysis.jpg


Reporting

A flexible reporting module is built in for ease of use so you can quickly deliver the information in a succinct manner to attorneys, management or clients.


External Links

http://www.hbgary.com