Responder® PRO: Capture and Understand Today’s Advanced Malware


Advanced Physical Memory Forensics, Malware Analysis, and Reverse Engineering Tool

The new face of malware is designed to never touch the disk and reside only in physical memory.

We are pleased to announce that Responder® PRO is available as a subscription which includes product support and maintenance for a low monthly or annual fee.  For details about this exciting new program please see our FAQs document. If you are a collegiate student or professor looking to get access to a free trial version Responder PRO for your scholastic needs, please get in touch with us here

Download a 15-Day Free Trial of Responder PRO

Responder PRO is the industry standard physical memory and automated malware analysis solution. It is the most advanced tool available for reverse engineering available today.  In 2015 we released a new version which captures and analyzes physical memory not only in Windows platforms but now also in Linux.  This release enables Cyber Security Analysts to pull in and analyze Linux memory images and to perform memory forensics on endpoints. The new Responder PRO covers the two most popular versions of Linux available today, Red Hat Enterprise Linux (RHEL) and CentOS.

With its powerful memory forensics and malware identification capabilities, Responder PRO allows incident response professionals to collect and analyze critical threat intelligence that can only be found in physical memory such as chat sessions, registry keys, encryption keys, and socket information. With this information, incident responders can effectively validate and respond to a security incident.

Watch a demonstration of Responder PRO now:

Responder PRO Demo

Responder® PRO IN ACTION

Other important information including malware delivery and rootkit behavior not detected by anti-virus software can be easily found using Responder PRO. The malware analysis module automatically generates a report that provides a high-level overview of each binary’s possible capabilities broken out into 6 different (factors).


Code Visualization

With the Canvas feature, assembly code can be inspected and actionable intelligence easily gathered, such as a folder being created in the Program Files directory

Automated Analysis

Suspicious activity is automatically identified and presented in a browseable, print-ready report suitable for delivery to management, remediation teams, or law enforcement


Comprehensive View of Physical Memory

Every element of physical memory is provided, from the standard process and module details to extensive details on open files, sockets, registry keys.  Document fragments, internet history, and keys and passwords are automatically extracted from memory and made available.

Responder PRO’s deep malware analysis includes automated code disassembly, behavioral profile reporting, pattern searching, code labeling, and control flow graphing and is based on our flagship technology, Digital DNA®. It can analyze both 32-bit and 64-bit memory. To learn why Responder PRO should be a key tool in your incident response arsenal, please view the datasheet.