Responder Pro

Memory Forensics for Deep Endpoint Investigation

CounterTack’s Responder PRO forensics tool is the preeminent tool for reverse engineers.

With powerful memory forensics and malware identification capabilities, Responder PRO enables incident response professionals to collect and analyze attack residue and artifacts from memory. Users can leverage information found in physical memory to validate security incidents and drill down to determine root cause and the potential impact.

Behaviorally-based Analysis In-Memory

Comparable to Volatility, Responder PRO leverages a proprietary behavioral engine, Digital DNA, to obtain impact scoring, which helps users analyze malware and other threat indicators to uncover root cause. The fundamental difference is that Responder delivers a consistently updated behavioral intelligence source, built on over 3000 traits, to correlate the analysis performed on a single machine.

Every element of physical memory can be analyzed with Responder PRO, from the standard process and module details to extensive details on open files, sockets and registry keys. Forensics and reverse engineers can scan document fragments and Internet history, and keys and passwords are automatically extracted from memory and made available.

Responder PRO’s deep malware analysis includes automated code disassembly, behavioral profile reporting, pattern searching, code labeling, and control flow graphing, and is based on our flagship technology, Digital DNA®. It can analyze both 32-bit and 64-bit memory.

Unprecedented Investigation Capabilities

Many security tools gather only surface-level intelligence, which often doesn’t provide incident response pros with enough information either to reimage a machine or to understand the broader impact that malware artifacts might have when discovered.

Real-time alerting from IR and other SOC-based security products drives the need for Responder PRO at the investigative level, letting reverse engineers define exactly how malware was executed on specific machines, with the ability to disassemble and visualize the results. Further, reverse engineers can produce reports that demonstrate root cause in granular detail, to define how threats have penetrated and to illustrate to managers how threats will potentially impact other machines.

With DDNA, Responder PRO makes the job of deep endpoint investigation more manageable so that incident response and forensics teams can be more accurate in how they report endpoint threat penetration.

Responder helps IR pros visualize threat strings

Reverse-engineer the entire memory of a single machine