Guidance Software has teamed up with HBGary to extend investigative capabilities to include RAM analysis (physical memory, volatile data). The logical evidence files (LEFs) generated with the WinEn utility, which is built into version 6.11 of both EnCase Forensic and Enterprise, can be exported to HBGary Responder products.
Using automated analysis, Responder can expose:
- Registry info
- Instant messages (IMs)
- Running processes
- Passwords in clear text
- Unencrypted data
- Open files
- Installed network devices
- Keyboard monitors
- Rootkits & Trojans
- Network socket information
Key data can be missing from investigations if RAM is not collected. Responder comes in two versions.
HBGary Responder Field Edition
This version provides automated parsing and analysis of physical memory, automated malware analysis and sophisticated reporting tools for the investigator who needs to understand the state of the computer.
HBGary Responder Professional
The Professional model includes all of the Field Edition features, along with powerful proactive threat analysis capabilities. It is designed for the forensic examiner who not only needs to know the state of the computer but also has to fix any problems found. The advanced features include binary import analysis, runtime binary analysis, advanced interactive graphical visualization, and integrated static/dynamic reverse engineering.