Live Memory Forensics Added to ProDiscover Incident Response

Memory imaging and search capability improves CERT teams’ ability to analyze volatile data and detect compromised systems.

Technology Pathways announces the release of the latest version of ProDiscover Incident Response with a new capability to forensically image the memory of live systems via the network. The image file, along with its hash signature, may be added to the investigator’s report file for use later in court proceedings. Once the memory is successfully imaged, the resulting image file may be searched for items of interest such as passwords, registry entries or evidence of malicious code. These new capabilities will give CERT teams a new weapon in the battle against worms and Trojans that plague today’s networks.

“The memory is captured using low-level memory read commands and brought back over the network to the forensic console,” stated Chris Brown, Founder and CTO of Technology Pathways. “It is a pure memory dump and can be used in conjunction with the page swap tables that are resident on disk to analyze and understand what is really running on a system.”

Memory forensics is a new area for forensic tools and Technology Pathways is the first company to provide this capability in an integrated incident response and forensics tool. Only in the past few years have forensic tools been able to connect to live systems and provide access to the information on a suspect system disk. The ability to capture memory in a forensically sound manner will enable corporate investigators to find passwords that may grant access to data that was difficult or impossible to capture until now and will enable CERT teams to more easily identify compromises and evidence that may help bring the perpetrators to justice.

About Technology Pathways, LLC

Technology Pathways, LLC is a leading edge provider of computer and network security tools and services for the Corporate IT, government, education, and legal communities. The ProDiscover® family of products provides affordable software solutions in the areas of computer forensics, incident response, system auditing, internal investigations and electronic discovery. Our CISSP certified consultants provide security, forensic and discovery services to corporations and law firms. Technology Pathways products and services are utilized nationally by major corporations and government agencies.

For more information, please see Technology Pathways’ website at http://www.techpathways.com or contact: Steve Richardson, Technology Pathways

(888) 894-5500 x211

# # #
