We’re excited to announce the release of the new Memory Analysis package, capable of analyzing memory dumps from all Windows versions, from XP to 11, both x86 and x64.
The package will be available to all licenses of Cerbero Suite. Today we’re rolling out the beta for all commercial licenses, and it will be accessible to all licenses once the beta period ends. This new package replaces the previous Windows Memory Analysis package.
When opening a memory dump, you’ll see an initialization dialog that allows you to select the appropriate profile for the dump.
The initialization dialog provides a preview to confirm the correctness of the selected memory profile.
After choosing the profile, you can inspect the memory dump in the analysis workspace.
Every list view supports filtering for quick access to relevant items.
Loaded kernel modules can be examined.
Threads from all processes are also available.
Referenced objects from all processes can be inspected.
Active network connections can be reviewed.
System users and groups along with their properties can be examined.
Registry hives loaded in memory are displayed in a familiar interface.
You can also directly jump to specific registry keys.
Architecture-specific tables such as the Interrupt Descriptor Table are supported.
Similarly, the Windows Service Descriptor Table can be inspected.
Additionally, each process can be individually inspected as a child object.
The complete address space of a process can also be analyzed using the Carbon disassembler.
Finally, the package’s API is exposed via the SDK and comes with comprehensive documentation, enabling users to easily develop their own memory analysis tools.
We hope this package will significantly simplify the tasks of forensic and malware analysts with its intuitive and user-friendly interface. We’ll continue to enhance the package with new features in the coming months, so stay tuned!