Memoryze lists all open network sockets, including those hidden by rootkits.
Mandiant's Memoryze™ is free memory forensic software that helps incident responders find evil in live memory. Memoryze can acquire and/or analyze memory images, and on live systems it can include the paging file in its analysis.
Memoryze can:
Memoryze for the Mac can:
Mandiant's Memoryze can perform all these functions on live system memory or on memory image files, whether they were acquired by Memoryze or by other memory acquisition tools. The utility was released at this year's Hack in the Box conference in Kuala Lumpur, Malaysia.
Butler said that in Mandiant's forensics lab, Memoryze is used to find memory-resident-only shellcode that does not exist on disk. "If the attacker is there, Memoryze can pull the malicious code directly from memory, so our malware analysis team can begin the analysis," he added. Memoryze features include:
Mandiant says the tool can perform all these functions on live system memory or on memory image files, whether they were acquired by Memoryze or by other memory acquisition tools. Memoryze (free download) supports Windows 2000 Service Pack 4, Windows XP Service Pack 2 and Service Pack 3 (32-bit), and Windows 2003 Service Pack 2 (32-bit).

Q: Which type of strategy hides the most valuable data at the innermost part of the network?
A: A layered network defense strategy, which sets up successive layers of protection so that the most valuable data sits at the innermost part of the network.

Q: Which one of the following is defined as hiding messages in such a way that only the intended recipient knows the message is there?
A: Steganography. It is the technique of hiding secret data within an ordinary, non-secret file or message in order to avoid detection; the secret data is then extracted at its destination. Steganography can be combined with encryption as an extra step, so that even if the hidden data is discovered it cannot be read without the key.

Q: What is the biggest problem with live acquisitions?
A: The data is changing while it is being collected, which is why the order of volatility matters: it determines how long a given piece of information persists on a running system, so the most volatile data (CPU registers and cache, RAM, network state, running processes) must be captured first, before the less volatile disk and log data.

Q: What type of attack uses every possible letter, number, and character found on a keyboard when cracking a password?
A: A brute-force attack. Brute-force attacks try every possible combination of characters in quick succession until the password is found. The algorithm is very simple and consists only of trying as many character combinations as possible, which is why it is also called an exhaustive search; its cost grows exponentially with the size of the character set and the length of the password.
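The two techniques defined in the steganography and brute-force answers above, as added examples that are not part of the original page or of Mandiant's tooling. The first hides a payload in the least significant bit of each byte of a cover buffer and recovers it; the cover is a constructed synthetic grayscale gradient rather than a real image, and xor_keystream() is an illustrative stand-in for the encryption step, not a cipher to use in production.

```python
"""LSB steganography: hide a payload in the low bit of each byte of a cover.

Added example, not code from the original page or from Mandiant. The cover
is a constructed 8-bit grayscale pixel buffer (a real image body would work
the same way); xor_keystream() is an illustrative stand-in for the
encryption step, not a cipher to use in production.
"""
import hashlib


def xor_keystream(key: bytes, data: bytes) -> bytes:
    """Illustrative encryption step: XOR data with a SHA-256 counter keystream.

    Stands in for the 'combined with encryption' step in the text; use a real
    AEAD (e.g. AES-GCM) in practice. XOR is its own inverse, so this both
    encrypts and decrypts.
    """
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(d ^ k for d, k in zip(data, stream))


def embed(cover: bytes, payload: bytes) -> bytes:
    """Return a copy of cover with payload hidden in the least significant bits.

    Layout: 32-bit big-endian payload length, then the payload, one bit per
    cover byte. Only the low bit of each used cover byte changes, so the
    carrier looks unchanged to a viewer.
    """
    framed = len(payload).to_bytes(4, "big") + payload
    needed = len(framed) * 8
    if needed > len(cover):
        raise ValueError(f"cover too small: need {needed} bytes, have {len(cover)}")
    out = bytearray(cover)
    for i in range(needed):
        bit = (framed[i // 8] >> (7 - i % 8)) & 1
        out[i] = (out[i] & 0xFE) | bit
    return bytes(out)


def _read_bits(stego: bytes, start: int, nbytes: int) -> bytes:
    """Reassemble nbytes from the low bits of stego[start:start + 8*nbytes], MSB first."""
    result = bytearray()
    for b in range(nbytes):
        val = 0
        for k in range(8):
            val = (val << 1) | (stego[start + b * 8 + k] & 1)
        result.append(val)
    return bytes(result)


def extract(stego: bytes) -> bytes:
    """Recover the payload hidden by embed(); raises if the header is implausible."""
    length = int.from_bytes(_read_bits(stego, 0, 4), "big")
    if 32 + length * 8 > len(stego):
        raise ValueError("length header exceeds carrier size; not a valid embed")
    return _read_bits(stego, 32, length)


def max_lsb_delta(cover: bytes, stego: bytes) -> int:
    """Largest per-byte difference between cover and stego (1 for a correct LSB embed)."""
    return max(a ^ b for a, b in zip(cover, stego))


def demo():
    # Constructed cover: 64x64 synthetic grayscale gradient, not a real image.
    cover = bytes((x * 37 + 11) % 256 for x in range(64 * 64))
    key = b"shared-secret-key"  # hypothetical pre-shared key between sender and recipient
    secret = b"meet at 0300, bring the image"
    stego = embed(cover, xor_keystream(key, secret))  # encrypt, then hide
    recovered = xor_keystream(key, extract(stego))    # extract, then decrypt
    return recovered, max_lsb_delta(cover, stego)


if __name__ == "__main__":
    print(demo())
```

The length header is what lets the recipient know where the hidden data ends; the check in extract() rejects carriers whose header claims more bits than the file holds, which is the first thing a detector or an extractor should verify before trusting the rest.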
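The exhaustive search described in the brute-force answer above, as an added example that is not code from the original page. It hashes every candidate string over a keyboard alphabet, shortest first, until the digest matches, and reports the guess count and the keyspace size so the exponential cost is visible; the target hash is constructed for the demonstration, and an unsalted fast hash is assumed.

```python
"""Exhaustive-search ("brute-force") password recovery over a keyboard alphabet.

Added example, not code from the original page. It hashes every candidate
string from the chosen alphabet, shortest first, until the target digest
matches, and reports how many guesses that took and how large the total
keyspace is, so the cost of the 'try everything' approach is visible.
"""
import hashlib
import itertools
import string

# Every printable character typeable on a US keyboard: 52 letters, 10 digits, 32 symbols.
KEYBOARD = string.ascii_letters + string.digits + string.punctuation


def sha256_hex(password: str) -> str:
    """Hash a password the way the (assumed) target system stores it: unsalted SHA-256."""
    return hashlib.sha256(password.encode()).hexdigest()


def keyspace(alphabet: str, max_len: int) -> int:
    """Number of candidates of length 1..max_len over alphabet (sum of |A|^n)."""
    return sum(len(alphabet) ** n for n in range(1, max_len + 1))


def seconds_to_exhaust(alphabet: str, max_len: int, guesses_per_second: float) -> float:
    """Worst-case time to try the full keyspace at the given guess rate."""
    return keyspace(alphabet, max_len) / guesses_per_second


def brute_force(target_hex: str, alphabet: str = KEYBOARD, max_len: int = 4,
                algo: str = "sha256"):
    """Return (password, guesses) for the first candidate whose hash matches, or (None, guesses).

    Candidates are generated shortest-first; within a length, itertools.product
    varies the last position fastest. An unsalted fast hash is assumed here;
    a salted slow KDF forces the same number of guesses per account but at a
    far lower rate, which is the defender's lever against this attack.
    """
    guesses = 0
    for n in range(1, max_len + 1):
        for combo in itertools.product(alphabet, repeat=n):
            guesses += 1
            candidate = "".join(combo)
            if hashlib.new(algo, candidate.encode()).hexdigest() == target_hex:
                return candidate, guesses
    return None, guesses


if __name__ == "__main__":
    # Constructed target: the SHA-256 of a short password, as an attacker might hold it.
    print(brute_force(sha256_hex("a!9"), max_len=3))
    print(f"{keyspace(KEYBOARD, 8):,} candidates up to length 8; "
          f"{seconds_to_exhaust(KEYBOARD, 8, 1e10) / 86400:.1f} days at 10 G guesses/s")
```

Running the demonstration shows why length and character-set size matter more than any single clever symbol: adding one position multiplies the keyspace by 94, and a slow, salted hash divides the guess rate by orders of magnitude without changing the number of guesses required.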