Abstract: Systems and methods for performing malware detection for determining suspicious data based on data entropy are provided. The method includes acquiring a block of data, calculating an entropy value for the block of data, comparing the entropy value to a threshold value, and recording the block of data as suspicious when the entropy value exceeds the threshold value. An administrator may then investigate suspicious data.
Abstract: A system and method for searching for computer environments, authenticating the computer environments, and copying data from the authenticated computer environments to a memory location. The data is marked or bound to the computer system it was copied from which provides a user with assurance that the data was obtained from a specific, authenticated source. The computer environments and the memory location may be coupled over a network.
Type:
Grant
Filed:
February 1, 2008
Date of Patent:
May 3, 2011
Assignee:
Mandiant
Inventors:
Matthew Frazier, Jason Shiffer, David Merkel, Kevin Mandia, Matthew Pepe
Abstract: A system and method for employing memory forensic techniques to determine operating system type, memory management configuration, and virtual machine status on a running computer system. The techniques apply advanced techniques in a fashion to make them usable and accessible by Information Technology professionals that may not necessarily be versed in the specifics of memory forensic methodologies and theory.