Automated malware analysis tool



By dk ~ February 9th, 2010, 7:11 pm. Filed under: News, Useful stuff.

HBGary released Responder Professional 2.0, a Windows physical memory and automated malware analysis tool. The Professional platform is designed for Incident Responders, Malware Analysts, and Computer Forensic Investigators who require rapid results. Responder Professional provides powerful memory forensics and malware identification with Digital DNA.

Malware analysis includes automated code disassembly, behavioral profiling reporting, pattern searching, code labeling, and control flow graphing. Responder Professional 2.0 gets information on malware directly from memory rather than the operating system.

A key feature, REcon, is a technology that records and graphs malware behavior at runtime so users can extract critical data from unknown executables. REcon issues a report that automatically details all the important behavior from a malware sample, including network activity, file activity, registry activity, and suspicious runtime behavior such as process and DLL injection activity.

Responder also comes with an add-on called Digital DNA, and supports Windows 7 memory analysis. All executable code residing in memory is scanned and ranked by level of severity based upon programmed behaviors. The Digital DNA Sequence appears as a series of Trait codes that, when concatenated together, describe the behaviors of each software module. Observed behavioral Traits are matched against HBGary’s “Malware Genome” database to classify digital objects as good, bad or neutral. Rules and weighting are applied to compute the overall Severity score.

1 Response to Automated malware analysis tool

  1. How to get rid of a trojan virus

    Great Web site! I was wondering if I could cite some of your web page and use a couple of items for a term paper. Please email me whether or not it's ok or not. Thanks
