MANDIANT Upgrades Memory Forensics Software

Memoryze, Audit Viewer feature new capabilities

February 13, 2011



Alexandria, Va., Feb. 3, 2011 - MANDIANT, the leader in incident response and computer forensics solutions and services, today announced upgrades to its popular memory forensics software, Memoryze™ and Audit Viewer™. MANDIANT Memoryze and Audit Viewer find malware and other forms of evil in live memory or in memory snapshots.

Memoryze upgrades:

* The ability to search the process address space for private byte signatures generated through collaboration with the zynamics VxClass automated malware classification system.

* Expanded search capabilities including the ability to identify processes with e-mail addresses, social security numbers, IP addresses, partial domain names, URLs and byte code patterns.

* Complete Windows 7 x32 and x64 support.

* Beta support for Windows 2008 x32 Service Pack 1 and Service Pack 2.

* Documentation for portable installation on removable media such as USB keys.

New in Audit Viewer:

* The ability to add notes about memory images.

* The ability to comment on any item in any process view, allowing for noting suspicious handles, DLLs and connections.

* Automatic report generation in Microsoft Word or text format with filtering for easy report creation.

* New Malware Rating Index (MRI) Rules, including the ability to generically detect unmapped processes, and the ability to detect load order attacks.

"Malware grouping and classification is essential to most incident responses. It allows an organization to build on its intelligence of previous threats. We are proud to partner with zynamics. They are experts in reverse engineering and binary analysis with decades of experience. With zynamics' VxClass, MANDIANT can take the power of automated threat classification and private signature generation to the enterprise, and we are happy to make this available to our stand-alone freeware customers as well," said Jamie Butler, Director of Research and Development for MANDIANT.

"The importance of scanning physical memory cannot be overestimated. Our private signatures allow the defender to have a 'secret weapon' in their fight against advanced attackers - but their greatest benefit is only realized when physical memory can be analyzed. MANDIANT has always been at the forefront of physical memory analysis, and we are happy to partner with them. Memoryze and AuditViewer are great tools, and certainly a must-have for everybody involved in incident response," said Thomas Dullien, CEO and Head of Research for zynamics.

For expanded blog coverage on Memoryze and Audit Viewer feature upgrades and fixes, please visit:

The company's flagship offering, MANDIANT Intelligent Response (MIR), incorporates both Memoryze and Audit Viewer and is the industry's first enterprise-grade incident response solution. MANDIANT also offers five additional freeware tools for the industry.


MANDIANT is the information security industry's leading provider of incident response and computer forensics solutions and services. Headquartered in Alexandria, Va., with offices in New York, Los Angeles and San Francisco, MANDIANT provides products, professional services and education to Fortune 500 companies, financial institutions, government agencies, domestic and foreign police departments, and leading U.S. law firms. MANDIANT comprises one of the industry's largest incident response and forensics forces. The authors of nine books, and quoted frequently by leading media organizations, MANDIANT security consultants and engineers hold top government security clearances and certifications and advanced degrees from some of the most prestigious computer science universities. To learn more about MANDIANT visit, read M-Unition, the company blog:, follow on Twitter @MANDIANT or on Facebook at
