Monthly Archives: October 2013

Raw File System Analysis (FAT32 File Recovery)

This post isn’t about upcoming features; it’s about things you can already do with Profiler. What we’ll see is how to import structures used for file system analysis from C/C++ sources, use them to analyze raw hex data, create a … Continue reading

Posted in Forensics, Headers, Hooks, Layouts, Logic Providers, Profiler, Python

News for version 1.0

The new 1.0 version of the Profiler is out with the following news:
- introduced logic provider extensions
- added SQLite3 support including free pages inspection
- exposed internal database access to extensions
- fixed some issues when executing Python … Continue reading

Posted in Profiler

Logic Providers

The main feature of the 1.0.0 version of the Profiler is ready, so it won’t take long for the new version to be released. This post serves as an introduction to the topic of logic providers and can in no … Continue reading

Posted in Logic Providers, Profiler, Python

Disclosure: Creating undetected malware for OS X

While this PoC is about static analysis, it’s very different from applying a packer to malware. OS X uses an internal mechanism to load encrypted Apple executables and we’re going to exploit the same mechanism to defeat current anti-malware … Continue reading

Posted in Security

An analysis module for Android: announcing the Forensic Edition

We’re happy to announce the beginning of our work on a forensic-oriented edition of Cerbero Profiler. This edition will contain extensions written on top of the standard edition, which are intended to help forensic analysis of supported platforms. Let’s … Continue reading

Posted in Advanced, Profiler