We’re excited to announce the release of our FAT Format package, which adds support for the FAT12, FAT16, and FAT32 file systems.
Once installed, you can explore FAT file systems directly in Cerbero Suite.
Category: Package
Prototype Memory & Services
We are excited to announce the release of version 0.3 of our Memory Analysis package, currently in beta. This update introduces two major features: support for prototype Page Table Entries (PTEs) and the ability to enumerate and display Windows services from memory captures.
Memory Decompression & Pagefiles
Windows 10 (version 1507) introduced memory compression, a feature that allows certain memory pages to be compressed and managed by the “MemCompression” process. As a result, in a memory snapshot, some pages may be unavailable because they reside in compressed memory. Memory compression in Windows is optional and can be disabled if desired, but it is enabled by default.
We are excited to announce the release of version 0.2 of our Memory Analysis package, currently in beta, which adds support for memory decompression and reading paged-out memory from pagefiles.
In the example image below, we can see a case where certain registry keys are missing when examining a memory snapshot—these keys are located in memory pages that have been compressed. In the lower part of the image, after enabling memory decompression, the previously missing keys become visible.
Windows Crash Dump Format 2.1 Package
We’ve updated the Windows Crash Dump Format package to support inspecting kernel memory dumps through the Memory Analysis package.
Memory Analysis Package
We’re excited to announce the release of the new Memory Analysis package, capable of analyzing memory dumps from all Windows versions, from XP to 11, both x86 and x64.
The package will be available to all licenses of Cerbero Suite. Today we’re rolling out the beta for all commercial licenses, and it will be accessible to all licenses once the beta period ends. This new package replaces the previous Windows Memory Analysis package.
UEFI Firmware Image Format Package
We have released the UEFI Firmware Image Format package for all licenses of Cerbero Suite!
The package supports a variety of UEFI firmware image formats and, in addition to allowing you to inspect their structure, it automatically extracts embedded files.
AbuseCh Intelligence For Personal Licenses
The AbuseCH Intelligence package to access intelligence from MalwareBazaar is now available to personal licenses of Cerbero Suite!
If you’re not yet familiar with the AbuseCH Intelligence package, you can check out the video presentation to quickly learn about its features.
InnoSetup Format Package
We have released the InnoSetup Format package for all licenses of Cerbero Suite!
InnoSetup is a free, script-driven installation system for Windows, developed by Jordan Russell in 1997. It uses a Pascal-based scripting language, allowing for complex and customizable installers. Key features include graphical interfaces, file and registry operations, multilingual support, and the creation of encrypted and compressed executables.
Our support encompasses all released versions of InnoSetup, including the latest 6.3 version. We provide support for encrypted setups, file extraction, thorough inspection of all parts of the format, and PascalScript disassembly.
IFPS Format Package
We have released the IFPS Format package for all licenses of Cerbero Suite. IFPS (RemObjects PascalScript) bytecode files are utilized by InnoSetup, a popular script-driven Windows installation system, to enhance the installer’s functionality through custom scripts and can potentially be used by malware to execute malicious code.
File Miner Package
We are thrilled to announce the launch of the File Miner package, a sophisticated file carving tool now available for all Cerbero Suite licenses. Designed to aid malware and forensic analysts in their daily tasks, this package stands out as a top-tier utility in its category, and we plan to enhance it further by supporting additional file formats.
