Memory Acquisition Tools. FastDump - HBGary - www.hbgary.com Fastdump is the industry's most forensically sound Windows memory dumping utility. Fastdump has a memory footprint that is far less than other tools such as Helix/DD.
SACRAMENTO, Calif., Jul 22, 2013 (BUSINESS WIRE) - In order to help enterprises significantly improve their ability to prioritize and manage the rising volume, variety and complexity of cybersecurity incidents, today HBGary announced that it will launch V-App(TM) for Incident Response Command Center at Black Hat(R) USA 2013 on Wednesday July 31st, 2013 and Thursday August 1, 2013 at Caesar's Palace in Las Vegas. For a demonstration, please visit HBGary, a Gold Sponsor for Black Hat(R) USA 2013, at booth #225. ManTech Cyber Solutions International, Inc. (MCSI), a wholly-owned subsidiary of ManTech International Corporation, Inc., recently acquired V-App for Incident Response Command Center and other assets from Seattle-based VANTOS, Inc.
VANTOS V-Flex(TM) Platform and V-Apps(TM) are used in a variety of market segments such as technology, e-commerce, gaming & leisure, and law enforcement. 'Incident Response is more than just tools and techniques. It's also process and management. Our VANTOS Platform integrates people, process, and tools in order to provide a comprehensive incident response process.
The VANTOS Platform gathers and displays data from SIEM, IPS and other sources in one common view to enable much faster response while providing easy-to-understand evidence for the C-Suite,' said Ken Silva, President of ManTech Cyber Solutions International. 'This platform combined with our world-class incident response and malware detection capabilities are transforming how organizations conduct and manage digital investigations.'

The Need for Security Incident Management

Today enterprises are under persistent attacks and need a platform that integrates with all of their security tools to provide visibility and prioritize security incidents for faster, more targeted response. The V-App(TM) for Incident Response Command Center integrates and manages all incident data, correlates threat intelligence and automates all incident processes, providing stakeholders rapid insight into trends and metrics with real-time dashboards. In addition to V-App for Incident Response Command Center, the V-App suite includes incident reporting portal, threat intelligence portal, and investigation management.
These and other V-Apps are composite applications that provide automation, integration, collaboration, access control, reporting and dashboards sized and tuned to fit the unique needs of any organization. To learn more about V-App for Incident Response Command Center, please stop by our booth #225 or contact [email protected].

HBGary Black Hat(R) USA 2013 Events

In addition to demonstrating V-App for Incident Response Command Center, HBGary will demonstrate how its flagship enterprise solutions, Active Defense(R) and Responder(R) Pro, are used every day by enterprises of all sizes in various markets including Energy, Manufacturing, and Technology as well as leading U.S. Government agencies to manage and perform all aspects of incident response, from monitoring and determining scope of breach with Active Defense(R) with Digital DNA(R) to validating a breach using the de facto industry standard deep-dive memory forensics solution, Responder(R) Pro. HBGary is also launching two special, limited promotions at Black Hat(R): Active Defense(R) For IR Consultants, and Responder(R) Pro. For more details and to take advantage of these specials, you must stop by the HBGary booth #225 to receive a promotion coupon.
In May 2013, SC Magazine gave Responder(R) Pro 4 1/2 out of 5 stars in its review of the product: 'HBGary's Responder Professional is a Windows memory acquisition and analysis tool that offers a variety of features useful to malware analysts and computer forensic investigators. It allows the investigator to capture data and processes residing in volatile random-access memory for the purpose of further examination later.
Its powerful array of analysis tools makes it a must-have for professionals who desire a rapid delivery of meaningful, interpreted results.'

About HBGary

HBGary provides Enterprise Incident Response solutions and managed services to enable organizations to conduct all phases of incident response including detecting zero-day and other unknown malware, validating whether an actual incident has occurred, and responding to and managing the incident. Customers include Fortune 50 to midsize corporations as well as U.S. Government agencies.
HBGary is located in Sacramento, CA, and is a subsidiary of ManTech International Corporation. For information, please visit or follow us on Twitter or on Facebook.

SOURCE: HBGary
HBGary
Karen Burke, 916-459-4727
Copyright Business Wire 2013.

Responder LE (Law Enforcement Exclusive)

THIS RESPONDER SUITE IS OFFERED TO LAW ENFORCEMENT ORGANIZATIONS AT MORE THAN A 75% DISCOUNT! Catching cybercriminals today requires investigators to perform difficult and time-consuming memory forensics while simultaneously locating, or ruling out, advanced malware infections — not an easy task. Law enforcement agency budgets have been severely cut due to the economic recession. To meet these challenges, HBGary offers Responder™ LE exclusively for law enforcement at a significantly discounted price. You must have a badge to obtain Responder LE.

Memory Preservation

FDPro™ is included with Responder™ LE and is the industry’s most complete memory acquisition software utility, designed to preserve Windows™ physical memory for information security and computer forensic purposes.
FDPro™ supports all versions of Windows™ operating systems and service packs, 32- and 64-bit, including systems with more than 4 GB of RAM. FDPro™ also supports acquisition of the Windows™ pagefile following the acquisition of RAM and other useful tricks for a more thorough memory investigation. Today, if you’re not doing memory analysis as part of your computer case, you are not doing a complete investigation. Don’t lose your court case because you didn’t perform a complete computer investigation.
The Field Edition includes memory preservation, diagnosis and reporting.

Operating System Information: running processes and modules, open files, network connections and listening ports, open registry keys, Interrupt Descriptor Table, System Service Descriptor Table.

Application Information: passwords in clear text, unencrypted data, instant messenger chat sessions, document data, web-based email, Outlook email.

Malware Detection: keystroke loggers, rootkits, Trojans, bots, banking Trojans, polymorphic code.

Preservation of Windows Physical Memory and Pagefile: FastDump Pro enables investigators and security analysts to easily 'freeze the live memory' on workstations and servers. FastDump Pro also provides pagefile acquisition support, 64-bit support, process probing, compression, speed upgrades, and nearly 100% reliable memory-page queries for systems with more than 4GB of RAM.

Memory Analytics: Responder Field Edition provides the most thorough and comprehensive memory analysis capability in the industry.
Responder virtually rebuilds all the underlying data structures in RAM. This includes all physical-to-virtual address mappings; Responder also recreates the object manager, exposes all objects, and enables investigators to perform a complete and comprehensive computer investigation.