Free new program Memoryze pinpoints malware code in live memory

Discussion in 'other anti-malware software' started by MrBrian, Nov 10, 2008.

Thread Status:
Not open for further replies.
  1. MrBrian

    MrBrian Registered Member

  2. Franklin

    Franklin Registered Member

    Looks good but doesn't seem to support Vista?
     
  3. optigrab

    optigrab Registered Member

    I read the features list, but I don't know enough to answer this question: Does Memoryze work in the same way as BoClean?
     
  4. MrBrian

    MrBrian Registered Member

    No - Memoryze, from what I've read, is a forensics program.
     
  5. Trespasser

    Trespasser Registered Member

    Appears to just report what is going on in memory.
     
  6. PROROOTECT

    PROROOTECT Registered Member

    For me, it is illegible. Riddle: is it for developers?

    PS. For Mandiant Red Curtain (very good, super), look at the thread (in software & services): Your NEW BEST Free Softwares ... , #99.
    For an excellent anti-rootkit, see KX-Ray ...
     
  7. dw2108

    dw2108 Registered Member

    That site looks exactly like the NictaTech AV site. Clones concern me.

    Dave
     
  8. Meriadoc

    Meriadoc Registered Member

    Don't know about that but Memoryze is a very nice tool produced by some top pros in this field. The company can be said to be similar to HBGary with various other services.

    (edit: don't forget their other tools: First Response, Red Curtain, Web Historian.)
     
    Last edited: Nov 12, 2008
  9. EASTER

    EASTER Registered Member

    Hey

    Is there a way to test this app? Just a little lost with something as new as this.

    Interested in seeing if it can serve some useful purpose or not in this army of defense I deploy.

    Thanks EASTER
     
  10. EASTER

    EASTER Registered Member

    It must be a gimmick
     
  11. nick s

    nick s Registered Member

    It's not a gimmick if Jamie Butler is involved. I'll give it a spin tomorrow on my remaining XP partition and see what it does. It's a forensic tool that analyzes memory dumps; it's not a resident security app.

    Nick
     
  12. EASTER

    EASTER Registered Member

    Thanks

    Please offer some kind of activity that a user can either find reported or see performed, even if it's a summary, because it does absolutely nothing that I can find at all in its current makeup.

    EASTER
     
  13. nick s

    nick s Registered Member

    Its usage is via the command line and the output is logged to .xml files. It's not point-and-click. The sample instructions are straightforward: Memoryze - Use Cases and Examples.

    Nick
     
  14. Meriadoc

    Meriadoc Registered Member

    Hi EASTER, no, it most certainly is not. I've used it often, as with their First Response, which is a very nice reporting tool for networked or local machines. As per nick s's link above for instructions, the default save location is Mandiant>Audits.
     
    Last edited: Nov 15, 2008
  15. Jamie Butler

    Jamie Butler Registered Member

    Thanks, Nick, for the kind words. We recognize that Memoryze's output is not very user friendly, so one of my colleagues has coded an open source Python GUI for you to use. You can read about it on our new blog site: http://blog.mandiant.com/archives/50

    I hope you find this and Memoryze useful.

    Sincerely,
    Jamie Butler
     
  16. Meriadoc

    Meriadoc Registered Member

    Jamie, thanks for posting the link.

    From the Audit viewer user guide pdf,
     