Wednesday, October 01, 2008

FileAdvisor: software file search engine

Troy Larson sent me a heads up on Bit9's FileAdvisor, a service they describe as "a comprehensive catalog of executables, drivers, and patches found in commercial Windows applications and software packages. Malware and other unauthorized software that affects Windows computers is also indexed."
I immediately checked the FileAdvisor db for malware results as well as non-Windows binaries and was pleasantly surprised with immediate and comprehensive results. You do have to register, but I was further impressed with the fact that they offered the option for a short or full registration.
This appears to be worthy of a bookmark in your incident handler/malware researcher/forensic investigator toolkit.


Anonymous said...

(Disclosure: I have a close friend who's worked at Bit9 before they put out v1.0)

I, too, have found FileAdvisor to be a valuable resource. While the database might be updated with information that Bit9 collects and feeds it, I urge users to submit hashes for files they come across in their analyses. Though I'd love to see more non-commercial efforts in this area, I'm still glad to see someone else throw FileAdvisor out there :)

Rafal said...

I'm going to have to support this one too Russ, good find. There are honestly *not enough* of these sites/services around. The problem is finding one that isn't "influenced" by ... uhmm... vendors (good or bad) :)
