We’ve released the ASAR Format package, which adds support for the Atom Shell Archive Format, which is a lightweight archive format primarily used in Electron applications.
Category: Package
InnoSetup Format Package 2.0
Version 2 of the InnoSetup Format package is now available and includes support for the latest releases of InnoSetup.
Memory Analysis Package 0.5
We’ve released version 0.5 of the Memory Analysis package, currently in beta, and have also made it available to personal licenses of Cerbero Suite!
One of the cool features we worked on is hyperlinking processes and modules, allowing you to jump directly to a process or module analysis from any view. When opening a memory dump, you can choose to skip scanning processes and modules for faster inspection—yet still jump directly to a specific module and inspect it.
Why scan everything when you only need what matters? Apart from being able to skip scanning processes in a memory dump or scan all of them, we’ve added the capability to scan only processes of interest — making your analysis faster and more focused.
Modules and files can, as usual, be scanned using YARA. Additionally, the user-mode memory of processes can be scanned using our cutting-edge YARA Rules package.
User-mode memory can also be mined for files using our advanced File Miner package.
We’re continuing to expand the functionality of the Memory Analysis package with the goal of making it a state-of-the-art solution for memory forensic examiners. With each update, we’re adding powerful new features and refining the experience to support fast, focused, and in-depth analysis. More is on the way.
Memory Analysis Package 0.4
We’ve released version 0.4 of the Memory Analysis package, currently in beta for our commercial customers and soon to be available for personal licenses too. The main highlight is that, thanks to Cerbero Suite 8.4, all tables now support sorting — but there are other new features as well, which we’ll cover in this blog post.
When inspecting a PE in memory, viewing the import table is useful — but seeing what the IAT entries actually point to is even better, especially if the import information is no longer available.
WIM Format Package
We’re excited to announce the release of the WIM Format package, which adds support for the Windows Imaging (WIM) file format.
Once installed, you can explore the contents of WIM images directly in Cerbero Suite. This includes browsing the file hierarchy, inspecting individual files, and performing in-depth forensic analysis.
Additionally, when used in conjunction with the ISO Format package, it’s possible to seamlessly access WIM images embedded within ISO files—making the analysis of Windows installation media even more efficient.
HFS+ File System
We’re excited to announce the release of the HFSPlus Format package, which adds support for the HFS+ file system.
Once installed, you can explore HFS+ file systems directly in Cerbero Suite.
NTFS File System
We’re excited to announce the release of the NTFS Format package, which adds support for the NTFS file system.
Once installed, you can explore NTFS file systems directly in Cerbero Suite.
ExFAT File System
We’re excited to announce the release of the ExFAT Format package, which adds support for the ExFAT file system.
Once installed, you can explore ExFAT file systems directly in Cerbero Suite.
Disk Format Package
We’re excited to announce the release of our Disk Format package, which adds support for parsing and analyzing disk layouts including MBR and GPT partition tables.
If a partition contains a supported file system, it will be automatically added as a child object. The package also enables exploration of the MBR boot code using the Carbon disassembler.
FAT File System
We’re excited to announce the release of our FAT Format package, which adds support for the FAT12, FAT16, and FAT32 file systems.
Once installed, you can explore FAT file systems directly in Cerbero Suite.