Thursday, December 29, 2011

REMnux-3 Linux distribution for Malware analysis

A new version of REMnux, a Linux distribution built specifically for malware analysis, has been released. The new release is aimed at reverse-engineering malware and includes tools for forensic analysis of memory as well as for analyzing potentially malicious PDF files.

REMnux was first released last year and is the work of Lenny Zeltser, a SANS instructor and malware analyst. REMnux is designed to provide a self-contained environment for analyzing and reverse-engineering malware and other malicious applications and web sites. It can be downloaded as a separate image and run from a live CD or as a virtual machine.

Two notable additions in this release are the Origami framework, which can be used to analyze potentially dangerous PDF files, and the Volatility framework, which performs forensic analysis of memory. Beyond these two, REMnux version 3 also ships with other new tools.

Some of them are:
- Network analysis: NetworkMiner, ngrep, pdnstool
- PDF analysis: PDF X-Ray Lite (pdfxray_lite and swf_mastah), peepdf
- JavaScript analysis: Chrome JavaScript engine (d8), js-beautify, and to
- File examination: Hachoir (hachoir-subfile, hachoir-metadata, hachoir-urwid), pyew, densityscout, findaes

This latest version of REMnux also includes a user manual that gives some pointers on getting started and on the commands used to run the tools.

Copyright 2011 @ MORE ADVANCED!