Troy Larson sent me a heads up on Bit9's FileAdvisor, a service they describe as "a comprehensive catalog of executables, drivers, and patches found in commercial Windows applications and software packages. Malware and other unauthorized software that affects Windows computers is also indexed."
I immediately checked the FileAdvisor db for malware results as well as non-Windows binaries and was pleasantly surprised with immediate and comprehensive results. You do have to register, but I was further impressed with the fact that they offered the option for a short or full registration.
This appears to be worthy of a bookmark in your incident handler/malware researcher/forensic investigator toolkit.
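A catalog like this is only useful once you have the hashes to look up, so here is the triage step that sits in front of it, as an added example that is not from this post and not Bit9's code: hash every file under a directory, classify each against a local catalog, and collect the unknowns a handler might submit. The catalog dictionary and the three sample files are constructed for the example; FileAdvisor's own query or submission interface is not modeled, and nothing here talks to a network service.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Constructed sample catalog (not FileAdvisor data): lowercase SHA-256 hex
# digest -> verdict. In practice this comes from a trusted export or your own
# known-good baseline, never from the host being investigated.
SAMPLE_CATALOG = {
    hashlib.sha256(b"MZ\x90\x00known-good-binary").hexdigest(): "known-good",
    hashlib.sha256(b"MZ\x90\x00known-malware-sample").hexdigest(): "known-malware",
}


def hash_file(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 20):
    """Return {algorithm: hexdigest} for one file.

    Reads in chunks so large binaries never have to fit in memory, and computes
    all three digests in one pass because catalogs differ in which one they key on.
    """
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {name: h.hexdigest() for name, h in hashers.items()}


def classify(path, catalog=SAMPLE_CATALOG):
    """Look a file up by SHA-256; anything absent from the catalog is 'unknown'."""
    digests = hash_file(path)
    verdict = catalog.get(digests["sha256"], "unknown")
    return {"path": str(path), "verdict": verdict, **digests}


def triage_directory(root, catalog=SAMPLE_CATALOG):
    """Classify every file under root, in a stable (sorted) order per directory."""
    results = []
    for dirpath, _, filenames in os.walk(root):
        for name in sorted(filenames):
            results.append(classify(Path(dirpath) / name, catalog))
    return results


def unknown_hashes(results):
    """SHA-256 digests a handler would consider submitting to a catalog."""
    return sorted(r["sha256"] for r in results if r["verdict"] == "unknown")


def build_sample_tree():
    """Create a temp dir with three constructed files: known-good, known-malware, unknown."""
    root = tempfile.mkdtemp(prefix="triage_")
    (Path(root) / "good.exe").write_bytes(b"MZ\x90\x00known-good-binary")
    (Path(root) / "bad.exe").write_bytes(b"MZ\x90\x00known-malware-sample")
    (Path(root) / "custom.exe").write_bytes(b"MZ\x90\x00in-house-tool")
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for r in triage_directory(root):
        print(f"{r['verdict']:14} {r['sha256']}  {r['path']}")
    print("candidates for catalog submission:", unknown_hashes(triage_directory(root)))
```

Keying on SHA-256 while still recording MD5 and SHA-1 matters in practice: older catalogs and many vendor reports are indexed by the weaker digests, so keeping all three lets you cross-reference without re-reading the file.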
2 comments:
(Disclosure: I have a close friend who's worked at Bit9 before they put out v1.0)
I, too, have found FileAdvisor to be a valuable resource. While the database might be updated with information that Bit9 collects and feeds it, I urge users to submit hashes for files they come across in their analyses. Though I'd love to see more non-commercial efforts in this area, I'm still glad to see someone else throw FileAdvisor out there :)
I'm going to have to support this one too, Russ, good find. There are honestly *not enough* of these sites/services around. The problem is finding one that isn't "influenced" by ... uhmm... vendors (good or bad) :)