Free new program Memoryze pinpoints malware code in live memory

[MrBrian]

http://blogs.zdnet.com/security/?p=2150

[Franklin]

Looks good but doesn't seem to support Vista?

Quote:

Memoryze supports:

* Windows 2000 Service Pack 4
* Windows XP Service Pack 2 and Service Pack 3 (32-bit)
* Windows 2003 Service Pack 2 (32-bit)

Most service packs within a major version of the operating system will work, but the focus was on these.

[optigrab]

I read the features list, but I don't know enough to answer this question: Does Memoryze work in the same way as BoClean?

[MrBrian]

Quote:

Originally Posted by optigrab

I read the features list, but I don't know enough to answer this question: Does Memoryze work in the same way as BoClean?

No - Memoryze, from what I've read, is a forensics program.

[Trespasser]

Appears to just report what is going on in memory.

[PROROOTECT]

For me- it is illegible. Riddle: is it for developpers?

PS. For Mandiant Red Courtain ( sehr gut, super ) look to thread ( in software & services ) : Your NEW BEST Free Softwares ... , #99.
For excellent anti-rootkit: see KX-Ray ...

[dw2108]

That site looks exactly like the NictaTech AV site. Clones concern me.

Dave

[Meriadoc]

Don't know about that but Memoryze is a very nice tool produced by some top pros in this field. The company can be said to be similar to HBGary with various other services.

(edit : don't forget their other tools, first response, red curtain, web historian.)

[EASTER]

Hey

Is there a way to test this app? Just a little lost with something this new like this.

Interested in seeing if it can serve some useful purpose or not in this army of defense i deploy.

Thanks EASTER

[EASTER]

It must be a gimmick

[nick s]

Quote:

Originally Posted by EASTER

It must be a gimmick

It's not a gimmick if Jamie Butler is involved. I'll give it a spin tomorrow on my remaining XP partition and see what it does. It's a forensic tool that analyzes memory dumps; it's not a resident security app.

Nick

[EASTER]

Quote:

Originally Posted by nick s

It's not a gimmick if Jamie Butler is involved. I'll give it a spin tomorrow on my remaining XP partition and see what it does. It's a forensic tool that analyzes memory dumps; it's not a resident security app.

Nick

Thanks

Pls offer some kind of activity that a user can either find reported or action performed even if it's a summary because it does absolutely nothing that i can find at all in it's current makeup.

EASTER

[nick s]

Quote:

Originally Posted by EASTER

Thanks

Pls offer some kind of activity that a user can either find reported or action performed even if it's a summary because it does absolutely nothing that i can find at all in it's current makeup.

EASTER

It's usage is via the command line and the output is logged to .xml files. It's not point-and-click. The sample instructions are straightforward: Memoryze - Use Cases and Examples.

Nick

[Meriadoc]

Quote:

It must be a gimmick

Hi EASTER, no it most certainly is not. I've used it often as with their first response which is a very nice reporting tool for networked or local machine. As nick s link above for instructions - default save to is Mandiant>Audits.

[Jamie Butler]

Thanks Nick for the kind words. We recognize that Memoryze's output is not very user friendly so one of my colleagues has coded a open source Python GUI for you to use. You can read about it on our new blog site: http://blog.mandiant.com/archives/50

I hope you find this and Memoryze useful.

Sincerely,
Jamie Butler

[Meriadoc]

Jamie, thanks posting the link.

From the Audit viewer user guide pdf,

Quote:

Installation Perquisites
To run Audit Viewer, the user must have Python 2.5 or 2.6 and the wxPython library installed. The user can download these from:
• python.org
• wxpython.org/download.php#binaries