Products Overview

Think your systems are secure? Take a Second Look™

VOLATILE MEMORY ACQUISITION AND ANALYSIS FOR LINUX-BASED SYSTEMS

Second Look™ captures and forensically preserves a computer's volatile random-access memory (RAM). It analyzes the Linux operating system kernel, either in live memory or from a memory image, verifying the kernel's integrity and searching for signs of rootkits or other subversive software that have modified the executable kernel code or kernel data structures.

With Second Look, analysts and investigators have a tool that provides a comprehensive view of a system, uninfluenced by any malware that might be running on it. Information pulled directly out of memory includes running processes, active network connections, loaded kernel modules, and many other essential system parameters. Second Look uncovers hidden kernel modules, processes, and network activity with ease. Additionally, in an effort to assist with the analysis of kernel memory, Second Look integrates a real-time disassembler that allows inspection of any function or segment of kernel memory.

As threats to computer systems continue to increase in sophistication, traditional post-mortem (dead box) forensic analysis of hard disk contents is no longer sufficient. Advanced exploits allow for the implantation of rootkits and backdoors directly in memory, without an actual file ever touching the disk. Volatile memory must be acquired in a trustworthy fashion, and analyzed with state-of-the-art security software such as Second Look.

Whether you are a member of an intrusion response team seeking to quickly determine what happened after an incident, a forensic investigator seeking evidence to confirm or deny a possible Trojan defense in a computer crime case, or simply a paranoid system administrator looking to apply true defense-in-depth security, Second Look is the tool you need.

Please contact Pikewerks for additional details, to schedule a demonstration, or to receive an evaluation version.

Information and Links

Data Sheet: SecondLook.pdf
2010 DoD Cyber Crime Conference: http://www.dodcybercrime.com/10CC

Screenshots

Second Look Memory Inspection
Second Look Memory Disassembly
Second Look Kernel Module Inspection