Search Results for :


Store

CaptureGUARD Gateway – Access to Locked Computers: $9,199; CaptureGUARD Physical Memory Acquisition Hardware – ExpressCard: $7,799; CaptureGUARD Physical Memory Acquisition Hardware – PCIe Add-on: $9,599; WindowsSCOPE 3.3 Cyber Forensics Tools: $9,199 – $19,499; WindowsSCOPE Cyber Forensics 3.3 Trial: $1; WindowsSCOPE Forensic Archiving Appliance; WindowsSCOPE…


New WindowsSCOPE Memory Forensics Training Videos Available

Two new tutorial videos are now publicly available on the WindowsSCOPE website – “Using WindowsSCOPE to Investigate 64-Bit Virtual Memory Management” and “Using WindowsSCOPE to Analyze the Shadow Walker Rootkit”. With 64-bit computers becoming increasingly common, the Introduction to 64-Bit Virtual Memory Management video will bring you up to speed on how Windows memory management has changed in 64-bit Windows…


Reverse Engineering the Vanquish Rootkit – Part 2

If you followed our prior post on the Vanquish rootkit, you might remember how we identified anomalies in a system that led us to finding a Vanquish rootkit infection. You can go back to Part 1 and review it on your own, but here is a quick summary of how we discovered the rootkit: Found a hidden module listed in…


Introduction to WindowsSCOPE Live

Step 1 – Setting up your WindowsSCOPE Live Server

The first step in getting WindowsSCOPE Live running is to download and install the WindowsSCOPE Live server. You can get the server on the WindowsSCOPE downloads page after registering. To install WindowsSCOPE Live Server, simply run the installer and follow the steps. Then run the server program, which you will…


Top Ten Reasons to Perform Live Memory Forensics Collection

2. Some systems cannot be shut down, so live analysis is the only option. Live data can be captured and analyzed offline.

3. It is highly useful to collect information about the kernel, processes, registry and file accesses, as well as network communications and their associations. Suspicious processes and their activity can be tracked. WindowsSCOPE has different capturing methods enabling…


David Crow – Founder/CEO Tucson Embedded Systems

“One unique benefit of the (BlueRiSC’s) solution is that it addresses multiple classes of software vulnerabilities, including silent vulnerabilities that don’t alter system state. To our knowledge there is no approach that captures silent vulnerabilities and BlueRiSC’s solution looks very promising since it has deep and fundamental underpinnings that can become game changing for not only deployed systems but also…
