Category Archives: Profiler Advanced

Profiler 2.9.2 – Windows 10 Heap

Version 2.9.2 of Profiler is out with two improvements. The first is more or less a rewrite of the CCITTFax decoder for PDFs, which has now been tested against more samples. The second improvement is the addition of …

Posted in Advanced, Memory, Profiler, Profiler Advanced

Profiler 2.9

Profiler 2.9.1 is out with the following news (entries with the plus sign apply only to the advanced edition): + added parsing of Windows heap + added file detection in memory regions and heap + added file detection in memory …

Posted in Profiler, Profiler Advanced

Heap & File Carving

Along with the newly released 2.9 version of Profiler Advanced, we have improved support for memory images. Before going into the main topics of this post, it is worth mentioning that loading and scanning times have been drastically improved for …

Posted in Forensics, Memory, Profiler Advanced

Windows Memory Forensics: Close to Release

We’re extremely proud to announce that the upcoming 2.8 version of Profiler Advanced comes with full-fledged support for raw Windows memory images! A few of our users might remember a two-year-old demo about this topic. Thanks to the …

Posted in Forensics, Memory, Profiler Advanced

URL Download Action (Tor)

In the upcoming version of Profiler Advanced we have introduced a useful new action, namely the URL Download action. Many times in previous posts we have analyzed malware which, at the end of its shellcode, ended up downloading a …

Posted in Action, Profiler Advanced, Security

EML support

The upcoming 2.7 version of Profiler Advanced introduces support for the EML file format. Support for EML files had until now only been present as an experimental hook to extract attachments. We have now introduced full-fledged EML support and have removed …

Posted in Format, Profiler Advanced

Profiler Advanced

With the upcoming 2.7 version of Profiler, we will start releasing an Advanced edition alongside the Standard one. All our users who have bought a license until this point in time will automatically have their license work with the Advanced …

Posted in Profiler Advanced