informa
Products & Releases

HBGary Unveils Comprehensive Windows Memory Investigation And Malware Analysis Platform

HBGary Responder Professional 1.3 allows security professionals, malware analysts and forensic investigators to more effectively and efficiently detect, diagnose, and investigate computer crimes on live Windows computer systems
Sacramento, California--January 21, 2009 " HBGary, Inc., a leading provider of computer forensic, incident response, security assessment solutions and services, today unveiled HBGary Responder Professional 1.3, the most comprehensive memory investigation and malware analysis platform available on the market today.

HBGary Responder Professional 1.3 fulfills many of the rigorous requirements that top computer incident responders, computer forensic investigators and malware analysts require. Responder Professional 1.3 supports acquisition and analysis of physical memory (RAM) on all Windows ' Operating Systems starting with Windows ' 2000 through Windows ' 2008 Server including all service packs both 32- and 64-bit (PAE and non-PAE). This is a huge step forward for the information security and computer forensic communities. Finally, these long-awaited capabilities are available to complement enterprise security best practices in the areas of host intrusion detection, computer forensics and security assessments. With HBGary Responder Professional 1.3, incident responders, forensic investigators, and malware analysts now have access to a wealth of runtime data that allows them to more accurately assess and investigate live Windows computer systems. "Our customers tell us that visibility into computer RAM is the only way they detect some of the latest malicious code found on their networks," said Rich Cummings, CTO of HBGary. "The network monitoring team sees traffic coming from compromised hosts, but cannot identify the malicious code on the machine using antivirus scanning technology."

Growing incidence of malware in memory Organized crime, foreign governments, disgruntled employees and other adversaries are contributing to a $100 billion dollar shadow economy of stolen information. In the past, malware was written by kids looking to enhance their reputation. Today much of the malware is written by professionals who develop military-grade exploits and malicious code that easily evade existing host security solutions. These advanced coding tricks allow them to exploit confidential information and computer assets at will. This rapidly developing problem is one of the driving forces behind the need for better malicious code detection, diagnosis, and response.

Just finding the malicious code and sending a copy to your antivirus vendor of choice for a signature is not enough anymore. Today organizations want answers fast. They want to know how to detect the malicious code, but also want to know what information is being stolen. Where is their data being sent? How does the malware propagate itself? How does it communicate? Does it use encryption? Is it stealing passwords and logging keystrokes? This kind of intelligence becomes critical when your most sensitive data is under attack.

"Our customers recognize there are gaps in current malware detection and analysis capabilities and are looking to physical memory analysis to answer some hard questions previously not addressed by other security software", said Cummings. "With cybercrime at an all time high, these capabilities are changing from `nice to have' to `need to have' for information security professionals and computer forensic investigators. You never know what digital artifact will provide the evidence needed to solve a cybercrime and point you to the smoking gun. If you're not incorporating offline memory analysis capabilities into your best practices, then you just don't know what you're missing."

HBGary Responder Professional 1.3: What's New?

Full Analysis Support for all 32- & 64-bit Windows Operating Systems

o Windows ' 2000 " 2008 Server

o PAE & Non-PAE

o All service packs

Full Unicode Searching and Reporting

o Logical and physical across the entire memory image

o Per process, module or driver

o Virtual Address Descriptor (VAD) Tree

Supports analyzing memory snapshots that are larger than 4GB

Identifies code installed using the Reflective DLL injection technique

Search and Report on data per process in the, Memory Heap and Stack

Enhanced Malware Analysis Plug-in (MAP)

o The MAP plug-in automatically generates a malware analysis report that provides a high level overview of each binary's possible capabilities broken out into 6 different factors.

Recommended Reading: