Difference between revisions of "Second Look"
(Created page with "File:second_look_logo.jpg The Incident Response edition of '''Second Look™: Linux Memory Forensics''' is designed for use by investigators who need quick, easy, and effect...") |
Joachim Metz (Talk | contribs) |
||
| (3 intermediate revisions by one user not shown) | |||
| Line 1: | Line 1: | ||
| − | [[ | + | {{Infobox_Software | |
| + | name = Volatility | | ||
| + | maintainer = Raytheon Pikewerks | | ||
| + | os = {{Linux}} | | ||
| + | genre = [[Memory analysis]] | | ||
| + | license = commercial | | ||
| + | website = [http://secondlookforensics.com/ secondlookforensics.com/] | | ||
| + | }} | ||
| − | The Incident Response edition of '''Second | + | [[File:second_look_logo.png]] |
| + | |||
| + | The Incident Response edition of '''Second Look®: Linux Memory Forensics''' is designed for use by investigators who need quick, easy, and effective Linux memory acquisition and analysis capabilities. | ||
== Memory Acquisition == | == Memory Acquisition == | ||
| − | Second | + | Second Look® preserves the volatile system state, capturing evidence and information that does not exist on disk and may otherwise be lost as an investigation proceeds. A command-line script allows for acquisition of memory from running systems without introducing any additional software. A memory access driver is provided for use on systems without a native interface to physical memory. |
== Memory Analysis == | == Memory Analysis == | ||
| − | Second | + | Second Look® interprets live system memory or captured memory images, detecting and reverse engineering malware, including stealthy kernel rootkits and backdoors. A kernel integrity verification approach is utilized to compare the Linux kernel in memory with a reference kernel. Pikewerks provides thousands of reference kernels derived from original distribution kernel packages, and a script for creating reference kernels for other systems, such as those running custom kernels. |
| + | |||
| + | Second Look® also applies an integrity verification approach for the analysis of each process in memory. This enables it to detect unauthorized applications as well as stealthy user-level malware. | ||
== Supported Systems == | == Supported Systems == | ||
| − | Second | + | Second Look® is regularly updated to support analysis of the latest kernels and the most commonly used Linux distributions. The following are its capabilities as of April 2012: |
| − | * Supported target kernels: 2.6. | + | * Supported target kernels: 2.6.x, 3.x up to 3.2 |
* Supported target architectures: x86 32- and 64-bit | * Supported target architectures: x86 32- and 64-bit | ||
| − | * Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10- | + | * Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more! |
| + | |||
| + | == External Links == | ||
| + | Second Look® is a product of [[Raytheon Pikewerks Corporation]]: | ||
| + | * http://secondlookforensics.com | ||
Revision as of 04:21, 27 July 2012
| Volatility | |
|---|---|
| Maintainer: | Raytheon Pikewerks |
| OS: | Linux |
| Genre: | Memory analysis |
| License: | commercial |
| Website: | secondlookforensics.com/ |
The Incident Response edition of Second Look®: Linux Memory Forensics is designed for use by investigators who need quick, easy, and effective Linux memory acquisition and analysis capabilities.
Contents |
Memory Acquisition
Second Look® preserves the volatile system state, capturing evidence and information that does not exist on disk and may otherwise be lost as an investigation proceeds. A command-line script allows for acquisition of memory from running systems without introducing any additional software. A memory access driver is provided for use on systems without a native interface to physical memory.
Memory Analysis
Second Look® interprets live system memory or captured memory images, detecting and reverse engineering malware, including stealthy kernel rootkits and backdoors. A kernel integrity verification approach is utilized to compare the Linux kernel in memory with a reference kernel. Pikewerks provides thousands of reference kernels derived from original distribution kernel packages, and a script for creating reference kernels for other systems, such as those running custom kernels.
Second Look® also applies an integrity verification approach for the analysis of each process in memory. This enables it to detect unauthorized applications as well as stealthy user-level malware.
Supported Systems
Second Look® is regularly updated to support analysis of the latest kernels and the most commonly used Linux distributions. The following are its capabilities as of April 2012:
- Supported target kernels: 2.6.x, 3.x up to 3.2
- Supported target architectures: x86 32- and 64-bit
- Supported target distributions: Debian 4-6, RHEL/CentOS 4-6, Ubuntu 4.10-12.04, and more!
External Links
Second Look® is a product of Raytheon Pikewerks Corporation:
