Skip to content

Responder PRO

Responder PRO is the industry standard physical memory and automated malware analysis solution. It is the most advanced tool available for reverse engineering available today.  In 2015 we released a new version which captures and analyzes physical memory not only in Windows platforms but now also in Linux.  This release enables Cyber Security Analysts to pull in and analyze Linux memory images and to perform memory forensics on endpoints. The new Responder PRO covers the two most popular versions of Linux available today, Red Hat Enterprise Linux (RHEL) and CentOS.

With its powerful memory forensics and malware identification capabilities, Responder PRO allows incident response professionals to collect and analyze critical threat intelligence that can only be found in physical memory such as chat sessions, registry keys, encryption keys, and socket information. With this information, incident responders can effectively validate and respond to a security incident.

Advanced Physical Memory Forensics, Malware Analysis and Reverse Engineering Tool

Responder PRO is a physical memory and automated malware analysis solution that improves the incident response process with its powerful memory forensics and malware identification capabilities, giving users the ability to collect and analyze critical threat intelligence. Many of today’s threats only reside in physical memory and never touch disk. Responder PRO provides users with many benefits such as behavioral profile reporting, pattern searching, code labeling and the ability to automatically disassembly code. Code can also be reviewed in control flow graphing that allows a user to visualize code, quickly identifying a malicious modules. Responder provides a detailed view into all the system activities including chat sessions, registry keys, encryption keys, and socket information.

Use Responder PRO for detecting password stealing malware

Key Benefits

  1. Responder PRO is able to analyze memory and score files using Digital DNA (DDNA) which is CounterTack’s patented behavior based scoring engine, allowing you to look beyond signatures at binary in-memory behaviors and techniques.
  2. Graphically shows how high scoring threat images are getting into the system (Windows AND Linux)
  3. Since Responder works in live memory, we defeat packers and most obfuscation techniques automatically while our patented DDNA technology can assist incident responders of all techni-cal skill levels in acquiring actionable intelligence in a just a few minutes.
  4. Responder PRO can provide confident reports to management on the status of the infection and provide the security team a list of addresses to block on the perimeter.

Responder PRO reports

Memory analysis and forensics competitive comparison

Responder PRO comparison

Qualifying questions

  1. Do you use any open source forensic tools? And are they enough?
  2. As part of your incident response plan do you capture memory?
  3. Do you have reverse engineers or incident response teams working to analyze images found in physical memory?
  4. Do you currently search for Indicators of Compromise (IOC) in your network?
Volver arriba