WindowsSCOPE

WindowsSCOPE Cyber Forensics 3.2 Now Available

BlueRiSC — Tue, 15 Aug 2017 14:13:04 +0000

A new version of WindowsSCOPE Cyber Forensics is now available. WindowsSCOPE version 3.2 now includes support for the latest versions of Windows operating systems through Windows 10. Also included with version 3.2 is WindowsSCOPE’s data search tool. Use it to find URLs, credit cards, email addresses, phone numbers, and other digital forensic artifacts hidden memory.

The post WindowsSCOPE Cyber Forensics 3.2 Now Available first appeared on WindowsSCOPE.

Automated Rootkit Detection with ThreatSCOPE

BlueRiSC — Wed, 27 Jul 2016 10:23:29 +0000

This article will show how you can use the ThreatSCOPE feature of WindowsSCOPE to detect rootkits installed on a system. One of the difficulties in detecting rootkits and other advanced malware is that they’re often packed, encrypted, or injected by other means than being run from an executable file on the disk. This means they […]

The post Automated Rootkit Detection with ThreatSCOPE first appeared on WindowsSCOPE.

WindowsSCOPE Cyber Forensics Ultimate 64-Bit Now Available

BlueRiSC — Mon, 25 Jul 2016 10:23:29 +0000

The latest addition to the WindowsSCOPE product lineup, Cyber Forensics Ultimate, is now available at the online store. This new version incorporates all the interactive features of previous versions, including system-wide disassembly and control flow graphing of both user and kernel space. The 64-bit version enables support for importing memory dumps taken from any 64-bit […]

The post WindowsSCOPE Cyber Forensics Ultimate 64-Bit Now Available first appeared on WindowsSCOPE.

New WindowsSCOPE Product – CaptureGUARD Gateway

BlueRiSC — Mon, 25 Jul 2016 10:23:29 +0000

WindowsSCOPE now offers PCI Express and ExpressCard platforms capable of imaging physical memory and providing other cyber security related capabilities even in locked computers. CaptureGUARD Gateway can be customized for various advanced cyber security and forensics use-cases not possible with other solutions on the market. Please contact us at support@windowsscope.com to explore how these capabilities […]

The post New WindowsSCOPE Product – CaptureGUARD Gateway first appeared on WindowsSCOPE.

Bypassing Windows Login Passwords with CaptureGUARD Gateway for Forensic Acquisition

BlueRiSC — Wed, 20 Jul 2016 10:23:29 +0000

Live memory acquisition is becoming increasingly important for digital investigations. One of the biggest obstacles with memory acquisition, however, is that in many cases a computer under investigation is locked, requiring a password that is not available. CaptureGUARD Gateway enables investigators to overcome this challenge by allowing them to log into a computer without knowing […]

The post Bypassing Windows Login Passwords with CaptureGUARD Gateway for Forensic Acquisition first appeared on WindowsSCOPE.

New WindowsSCOPE Memory Forensics Training Videos Available

BlueRiSC — Wed, 18 May 2016 10:23:29 +0000

Two new tutorial videos are now publicly available on the WindowsSCOPE websiite – “Using WindowsSCOPE to Investigate 64-Bit Virtual Memory Management” and “Using WindowsSCOPE to Analyze the Shadow Walker Rootkit”. With 64-bit computers becoming increasingly common, the Introduction to 64-Bit Virtual Memory Management video will bring you up to speed on how Windows memory management […]

The post New WindowsSCOPE Memory Forensics Training Videos Available first appeared on WindowsSCOPE.

Reverse Engineering the Vanquish Rootkit – Part 2

BlueRiSC — Wed, 20 Apr 2016 10:23:29 +0000

If you followed our prior post on the Vanquish rootkit, you might remember how we identified anomalies in a system that led us to finding a Vanquish rootkit infection. You can go back to Part 1 and review it on your own, but here is a quick summary of how we discovered the rootkit: Found […]

The post Reverse Engineering the Vanquish Rootkit – Part 2 first appeared on WindowsSCOPE.

Reverse Engineering the Vanquish Rootkit – Part 1

BlueRiSC — Mon, 18 Apr 2016 10:23:30 +0000

The first warning sign that we noticed in this snapshot was in the process for cmd.exe (this is for a Windows command line window). See below for a screenshot of the contents of this process:

The post Reverse Engineering the Vanquish Rootkit – Part 1 first appeared on WindowsSCOPE.

Introduction to Windows Kernel: Review IDT, SSDT and other Structures

BlueRiSC — Fri, 18 Mar 2016 10:23:30 +0000

You can access the video here.

The post Introduction to Windows Kernel: Review IDT, SSDT and other Structures first appeared on WindowsSCOPE.

Introduction to WindowsSCOPE Live

BlueRiSC — Thu, 18 Feb 2016 10:23:30 +0000

Step 1 – Setting up your WindowsSCOPE Live Server The first step in getting WindowsSCOPE Live running is to download and install the WindowsSCOPE Live server. You can get the server on the WindowsSCOPE downloads page, here, after registering. To install WindowsSCOPE Live Server, simply run the installer and follow the steps. Then run the […]

The post Introduction to WindowsSCOPE Live first appeared on WindowsSCOPE.