Responder Professional


Responder Pro is the industry’s first live memory and runtime analysis platform for Windows operating systems. Responder Pro integrates the most powerful physical memory and reverse engineering capabilities into one product suite, providing information assurance analysts, computer emergency response teams, and computer crime investigators with the critical capabilities to collect, analyze, diagnose and report on runtime data contained in physical memory.

Disk- and signature-based detection tools are no match against malicious code using the latest anti-forensics, anti-detection, and anti-debugging techniques. It’s no wonder that 80% of new malware is missed by antivirus. Responder Pro provides analysts and investigators with unprecedented visibility into memory and runtime state information to detect these resistant binaries, because software (good or bad) cannot execute without being present in live memory.

With a mouse click, unknown or suspicious binaries detected by Responder can be analyzed, disassembled and debugged to determine if they are malicious and to gain understanding of their capabilities and behaviors.

HBGary Responder supports proactive security assessments, live computer incident response, forensic investigations, and malware analysis.

Responder Pro Memory Analytics provide the following:

  • Running processes
  • Open files
  • Passwords in clear text
  • Unencrypted data
  • Instant messages
  • Installed network devices
  • Keyboard monitors
  • Rootkits & Trojans
  • Network socket information
  • Registry info

Binary and Runtime Forensic Capabilities: Responder Pro integrates dynamic runtime tracing with data flow and static code analysis. Captured test data is recorded in a team-member shared database for further analysis with automated scripts and interactive graphing.

  • Static Disassembly of Binaries
  • Automated Malware Analysis & Reporting
  • Advanced Graphing and Visualization

Preservation of Live Windows Memory (RAM)

The HBGary Fastdump software utility is a free download that enables investigators and security analysts to easily "freeze the live memory" on workstations and servers. HBGary Fastdump creates a block-by-block dump of physical memory on live Windows operating systems.
