We’ve updated the Windows Crash Dump Format package to support inspecting kernel memory dumps through the Memory Analysis package.
Tag: Forensics
Memory Analysis Package
We’re excited to announce the release of the new Memory Analysis package, capable of analyzing memory dumps from all Windows versions, from XP to 11, both x86 and x64.
The package will be available to all licenses of Cerbero Suite. Today we’re rolling out the beta for all commercial licenses, and it will be accessible to all licenses once the beta period ends. This new package replaces the previous Windows Memory Analysis package.
FLIR Format Package
We released the FLIR Format package for all licenses of Cerbero Suite.
FLIR (Forward-Looking InfraRed) refers to thermal imaging data that is embedded within the JPEG file format. Unlike standard visual imagery, FLIR data represents heat emissions from objects, providing a thermal spectrum view that is invaluable for various applications, from surveillance and security to energy audits and search and rescue operations. When FLIR data is embedded in JPEG images, it allows the combination of visible light information with thermal imaging in a single file.
RegHive Format Package
We have released the RegHive Format package for all licenses of Cerbero Suite.
This package offers enhanced functionality for exploring Windows Registry hives. It enables detailed inspection of keys and values, and importantly, provides additional insights by displaying the last modification date and time for each key. Moreover, it includes the ability to view security access details for each key, offering a comprehensive overview of the Registry’s structure and access controls.
DSStore Format Package
We have released the DSStore Format package for all licenses of Cerbero Suite.
In Apple macOS, .DS_Store is a file that stores custom attributes of its containing folder, such as folder view options, icon positions, and other visual information. It is created and maintained by the Finder application in every folder and contains information that can be valuable for forensics purposes, such as file names and timestamps.