Jump to content











Photo
- - - - -

Forensic tools helping in Development


  • Please log in to reply
3 replies to this topic

#1 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location:Bergen
  •  
    Norway

Posted 03 March 2009 - 06:04 PM

Hi

Just want to share a nice little tool called SysAnalyzer developed by iDefense.

It was primarily meant to analyze malware/malcode, but has an easy to use interface with appealing features that other capturing tools miss.

Here's the files with a batch to register it directly in PE; http://www.mediafire...SysAnalyzer.rar

And the original setup; http://labs.idefense...are/malcode.php

GPL License!

SysAnalyzer can automatically monitor and compare:
  • Running Processes
  • Open Ports
  • Loaded Drivers
  • Injected Libraries
  • Key Registry Changes
  • APIs called by a target process
  • File Modifications
  • HTTP, IRC, and DNS traffic

SysAnalyzer also comes with a ProcessAnalyzer tool which can perform the following tasks:
  • Create a memory dump of target process
  • parse memory dump for strings
  • parse strings output for exe, reg, and url references
  • scan memory dump for known exploit signatures


Joakim

#2 sanbarrow

sanbarrow

    Silver Member

  • Developer
  • 788 posts
  • Location:Germany - Sauerland

Posted 03 March 2009 - 07:04 PM

nice find - thanks for sharing

Ulli

#3 pscEx

pscEx

    Platinum Member

  • Team Reboot
  • 12707 posts
  • Location:Korschenbroich, Germany
  • Interests:What somebody else cannot do.
  •  
    European Union

Posted 03 March 2009 - 07:11 PM

Really an interesting site :cheers:
I think that tomorrow I'll try something!

I think that it would be interesting for much more members who could use it, (but do not look into 'development' because they are no developers), if you move it to the Community Forum > Websites.

If you as new member do not have the allowance, ask Jaclaz to do so.

Thanks again!

Peter

#4 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7100 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 03 March 2009 - 07:21 PM

If you as new member do not have the allowance, ask Jaclaz to do so.


You called?

:cheers:

:cheers:

jaclaz




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users