Published on June 15th, 2017 | by MaxiSoler0
Invtero.net – Forensics, Memory Integrity & Assurance Tool
inVtero.net is a high speed (Gbps) Forensics, Memory integrity & assurance tool. Includes offensive & defensive memory capabilities. Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitechture independent Virtual Machine Introspection techniques.
inVtero.net is a Windows x64 focused forensics memory analysis system that uses high assurance methods to detect and analyze volatile memory. The code base has been written from the ground up and shares no commonality with volatility or Rekall. This enables inVtero.net to achieve much higher performance and compatibility with Windows memory dumps.
Several analytical capabilities for nested hypervisor detection do not exist in any other platform. Script with python to extend the existing capability, dump memory with delocating (enable hash validation of code in memory and eliminate wasted time spent analyzing relocated code).
inVtero.net also supports offensive capabilities like PCILeech (coined cloudleech) has a built in assembler/dissassembler, high performance symbol interface and some new UI primitives that make editing live hypervisor memory a snap.
- Crash dump (PAGEDUMP64 / Blue Screen dump files)
- Symbolic type extraction / binding
- DLR Scripting (Python)
- Basic Linux (Primary support on: BSD, HyperV, Windows, Generic (Self pointer page tables))
- Find/Extract processes, hypervisors (including nested) in memory dumps using microarchitecture independent Virtual Machine Introspection techniques. Cross platform, multi-architechture high performance physical memory analysis tools.
More Information: here
Thanks to K2 for sharing this tool with us.