Revision as of 04:54, 27 July 2012
| Second Look | |
|---|---|
| Maintainer: | Raytheon Pikewerks Corporation |
| OS: | Linux |
| Genre: | Memory Analysis |
| License: | commercial |
| Website: | secondlookforensics.com/ |
The Incident Response edition of Second Look®: Linux Memory Forensics is designed for use by investigators who need quick, easy, and effective Linux memory acquisition and analysis capabilities. Second Look® is a product of Raytheon Pikewerks Corporation.
Memory Acquisition
Second Look® preserves the volatile system state, capturing evidence and information that does not exist on disk and may otherwise be lost as an investigation proceeds. A command-line script acquires memory from a running system without introducing any additional software, using the kernel's native interface to physical memory. A memory access driver is provided for systems that lack such an interface (for example, when /dev/mem is absent or restricted, as it is on most distribution kernels).
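The following is an added example of the acquisition step described above; it is not Second Look's own script, which this page does not reproduce. It reads kernel memory through /proc/kcore, one native interface that needs no additional software: /proc/kcore presents itself as an ELF64 core file whose PT_LOAD program headers map kernel virtual ranges (including the direct map of physical RAM) to file offsets. It uses only the Python standard library. Reading the real file requires root and a kernel with CONFIG_PROC_KCORE; the core produced by build_sample_core() is constructed for offline use and is not a capture from any system.

```python
"""Acquire kernel memory through /proc/kcore (ELF64 core) and record a digest.
Added example, not Second Look's acquisition script; the sample core below is
constructed and is not a real capture."""
import hashlib
import io
import struct
import sys
from typing import BinaryIO, List, Tuple

ELF_MAGIC = b"\x7fELF"
PT_LOAD = 1
PT_NOTE = 4
EHDR_SIZE = 64          # sizeof(Elf64_Ehdr)
PHDR_SIZE = 56          # sizeof(Elf64_Phdr)
PHDR_FMT = "<IIQQQQQQ"  # p_type p_flags p_offset p_vaddr p_paddr p_filesz p_memsz p_align

Segment = Tuple[int, int, int]  # (file offset, kernel virtual address, size in bytes)


def parse_load_segments(blob: bytes) -> List[Segment]:
    """Return one (offset, vaddr, size) triple per PT_LOAD header of an ELF64
    little-endian core.  `blob` must start at file offset 0 and cover the whole
    program header table."""
    if blob[:4] != ELF_MAGIC:
        raise ValueError("not an ELF file")
    if blob[4] != 2 or blob[5] != 1:          # EI_CLASS == ELFCLASS64, EI_DATA == ELFDATA2LSB
        raise ValueError("only ELF64 little-endian cores are handled")
    e_phoff = struct.unpack_from("<Q", blob, 0x20)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", blob, 0x36)
    segments: List[Segment] = []
    for i in range(e_phnum):
        p_type, _, p_offset, p_vaddr, _, p_filesz, _, _ = struct.unpack_from(
            PHDR_FMT, blob, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segments.append((p_offset, p_vaddr, p_filesz))
    return segments


def acquire(core: BinaryIO, image: BinaryIO, chunk: int = 1 << 20) -> Tuple[List[Segment], str]:
    """Copy every PT_LOAD segment of `core` into `image`, back to back, and
    return the segment list (the manifest needed to map image offsets back to
    kernel addresses) plus the SHA-256 of the bytes written, so the copy can be
    checked after it is moved off the host."""
    core.seek(0)
    head = core.read(EHDR_SIZE)
    e_phoff = struct.unpack_from("<Q", head, 0x20)[0]
    e_phentsize, e_phnum = struct.unpack_from("<HH", head, 0x36)
    core.seek(0)
    segments = parse_load_segments(core.read(e_phoff + e_phentsize * e_phnum))
    digest = hashlib.sha256()
    for p_offset, _vaddr, size in segments:
        core.seek(p_offset)
        remaining = size
        while remaining:
            buf = core.read(min(chunk, remaining))
            if not buf:  # a read inside a segment can fail on a live kernel; stop rather than pad silently
                raise IOError("short read at file offset %#x" % (p_offset + size - remaining))
            image.write(buf)
            digest.update(buf)
            remaining -= len(buf)
    return segments, digest.hexdigest()


def acquire_bytes(core_bytes: bytes) -> Tuple[List[Segment], bytes, str]:
    """In-memory variant of acquire() for running against a constructed core."""
    image = io.BytesIO()
    segments, digest = acquire(io.BytesIO(core_bytes), image)
    return segments, image.getvalue(), digest


def verify_image(image_bytes: bytes, expected_hex: str) -> bool:
    """Re-hash a transferred image and compare with the digest recorded at acquisition."""
    return hashlib.sha256(image_bytes).hexdigest() == expected_hex


def build_sample_core() -> bytes:
    """Constructed ELF64 core: one PT_NOTE and one 16-byte PT_LOAD segment at a
    direct-map style address.  Sample input only, not a real /proc/kcore."""
    payload = bytes(range(16))
    data_off = EHDR_SIZE + 2 * PHDR_SIZE
    ehdr = bytearray(EHDR_SIZE)
    ehdr[:4] = ELF_MAGIC
    ehdr[4], ehdr[5], ehdr[6] = 2, 1, 1                            # ELFCLASS64, ELFDATA2LSB, EV_CURRENT
    struct.pack_into("<HHI", ehdr, 16, 4, 62, 1)                  # ET_CORE, EM_X86_64, EV_CURRENT
    struct.pack_into("<Q", ehdr, 0x20, EHDR_SIZE)                 # e_phoff: table follows the header
    struct.pack_into("<HHH", ehdr, 0x34, EHDR_SIZE, PHDR_SIZE, 2)  # e_ehsize, e_phentsize, e_phnum
    note = struct.pack(PHDR_FMT, PT_NOTE, 0, data_off, 0, 0, 0, 0, 0)
    load = struct.pack(PHDR_FMT, PT_LOAD, 6, data_off, 0xFFFF888000000000,
                       0, len(payload), len(payload), 0x1000)
    return bytes(ehdr) + note + load + payload


if __name__ == "__main__":
    src = sys.argv[1] if len(sys.argv) > 1 else "/proc/kcore"
    dst = sys.argv[2] if len(sys.argv) > 2 else "kcore.img"
    with open(src, "rb") as core, open(dst, "wb") as image:
        segs, sha = acquire(core, image)
    pos = 0
    for _, vaddr, size in segs:
        print("image+%#x <- vaddr %#x (%d bytes)" % (pos, vaddr, size))
        pos += size
    print("sha256", sha)
```

Run as root with no arguments to image /proc/kcore into kcore.img; keep the printed segment list with the image, since a raw dump without it cannot be mapped back to kernel addresses. The digest is computed while the bytes are read, so it describes what left the host, not what a later copy happens to contain.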
Memory Analysis
Second Look® interprets live system memory or captured memory images, detecting and reverse engineering malware, including stealthy kernel rootkits and backdoors. It uses a kernel integrity verification approach: the Linux kernel in memory is compared with a reference kernel derived from the original distribution kernel package. Pikewerks provides thousands of such reference kernels, and a script for creating reference kernels for other systems, such as those running custom kernels. The reference must match the target's exact build (package version and configuration); a kernel of the same version built with different options differs throughout and yields mismatches that carry no meaning.
Second Look® also applies an integrity verification approach for the analysis of each process in memory. This enables it to detect unauthorized applications as well as stealthy user-level malware.
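The following is an added example of the integrity-verification idea behind both the kernel check and the per-process check described above. It is not Second Look's engine and makes no claim about how that product performs the comparison. A code region captured from memory is compared page by page with a reference built from the original package, every differing byte run is reported, and runs that fall entirely inside known self-patching sites (alternatives, jump labels and ftrace call sites, which the Linux kernel rewrites at boot and at run time) are separated from unexplained ones. Pages absent from the capture are reported as unverified, never as clean, because a page that was not resident or not acquired is no evidence of integrity. The reference bytes, the capture and the site list come from build_sample() and are constructed, not taken from any real kernel or process.

```python
"""Page-wise integrity verification of a captured code region against a reference.
Added example, not Second Look's implementation; sample data is constructed."""
from dataclasses import dataclass
from typing import Dict, List, Tuple

PAGE = 4096
Site = Tuple[int, int]   # (virtual address, length) of a location the kernel legitimately rewrites


@dataclass(frozen=True)
class Mismatch:
    vaddr: int
    expected: bytes   # bytes in the reference
    actual: bytes     # bytes in the capture


def diff_runs(vaddr: int, reference: bytes, captured: bytes) -> List[Mismatch]:
    """Return every maximal run of differing bytes between two equal-length buffers."""
    if len(reference) != len(captured):
        raise ValueError("reference and capture must cover the same range")
    runs: List[Mismatch] = []
    i, n = 0, len(reference)
    while i < n:
        if reference[i] == captured[i]:
            i += 1
            continue
        j = i
        while j < n and reference[j] != captured[j]:
            j += 1
        runs.append(Mismatch(vaddr + i, reference[i:j], captured[i:j]))
        i = j
    return runs


def inside_site(m: Mismatch, sites: List[Site]) -> bool:
    """A run is benign only if the whole run lies within one allowed site;
    a patch that spills past its site is still suspicious."""
    end = m.vaddr + len(m.expected)
    return any(start <= m.vaddr and end <= start + length for start, length in sites)


def verify_region(base: int, reference: bytes, captured_pages: Dict[int, bytes],
                  sites: List[Site]) -> Dict[str, list]:
    """Compare a reference code region loaded at `base` with the pages of it
    present in a capture (page address -> page bytes).  Result lists: clean and
    unverified hold page addresses; benign and suspicious hold Mismatch runs."""
    report: Dict[str, list] = {"clean": [], "unverified": [], "benign": [], "suspicious": []}
    for off in range(0, len(reference), PAGE):
        page_addr = base + off
        ref_page = reference[off:off + PAGE]
        cap_page = captured_pages.get(page_addr)
        if cap_page is None:
            # Not resident, swapped out, or simply not acquired: no evidence either way.
            report["unverified"].append(page_addr)
            continue
        runs = diff_runs(page_addr, ref_page, cap_page[:len(ref_page)])
        if not runs:
            report["clean"].append(page_addr)
        for m in runs:
            report["benign" if inside_site(m, sites) else "suspicious"].append(m)
    return report


def build_sample(base: int) -> Tuple[bytes, Dict[int, bytes], List[Site]]:
    """Constructed sample: three pages of deterministic reference bytes, a capture
    derived from them with one expected and one unexplained 5-byte patch, and the
    third page missing from the capture."""
    ref = bytearray((i * 7 + 3) & 0xFF for i in range(3 * PAGE))
    ref[0x120:0x125] = b"\x0f\x1f\x44\x00\x00"        # 5-byte NOP at an ftrace-style call site
    sites = [(base + 0x120, 5)]
    cap = bytearray(ref)
    cap[0x120:0x125] = b"\xe8\x10\x20\x30\x40"        # site rewritten to a CALL: expected
    cap[0x1800:0x1805] = b"\xe9\x11\x22\x33\x44"      # JMP where none belongs: inline hook
    pages = {base + off: bytes(cap[off:off + PAGE]) for off in range(0, 2 * PAGE, PAGE)}
    return bytes(ref), pages, sites


if __name__ == "__main__":
    BASE = 0xFFFFFFFF81000000      # constructed load address in the style of x86-64 kernel text
    reference, pages, sites = build_sample(BASE)
    report = verify_region(BASE, reference, pages, sites)
    for key in ("clean", "unverified"):
        print(key, [hex(a) for a in report[key]])
    for key in ("benign", "suspicious"):
        for m in report[key]:
            print(key, hex(m.vaddr), m.expected.hex(), "->", m.actual.hex())
```

For a real kernel the reference is the .text of the vmlinux from the same package and configuration as the target, loaded at the address the capture shows; for a process it is the text of the executable and libraries that process mapped. The site list is what separates a useful report from noise: without it every ftrace call site and every applied alternative shows up as a modification.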
Supported Systems
Second Look® is regularly updated to support analysis of the latest kernels and the most commonly used Linux distributions. The following are its capabilities as of April 2012:
- Supported target kernels: 2.6.x, 3.x up to 3.2
- Supported target architectures: x86 32- and 64-bit
- Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more!