Malware Forensics



Jamf Executive Threat Protection

Jamf Executive Threat Protection is an advanced solution for detecting and responding to mobile attacks. It provides extended visibility into mobile devices, reducing investigation time and collecting system logs for comprehensive analysis. By identifying indicators of compromise (IOCs), it uncovers sophisticated attacks that target crucial users. The solution’s deep analysis uncovers hidden zero-day attacks, presenting them to security teams for action. With automated timelines and built-in response tools, security teams can confidently remediate advanced persistent threats (APTs) and ensure user safety. Ongoing monitoring guarantees complete threat elimination. Jamf Executive Threat Protection offers organizations a powerful remote method to understand and respond to advanced mobile attacks.


Cerberus

Data breaches are increasing. When malware and viruses hit your organization, you risk downtime or even reputation damage while you work to fix the breach. Even if you have an incident response plan, adding the right software can help you identify compromises faster. Cerberus is an automated malware triage platform designed to integrate easily with FTK®, empowering organizations to proactively identify compromised systems. It’s a first layer of defense against the risk of imaging unknown devices and allows you to identify infected files and avoid exporting them after processing your data.


MalNet

Visually explore and uncover malware connections in seconds. Malware is more than code. It’s bad code in motion. When malware strikes, you need to quickly find, identify, and mitigate its effect. MalNet speeds up your investigation, allowing you to start with any artifact and pivot through its network and activity to find the source threat actors or identify related infections. MalNet brings together the industry’s most extensive malware threat information from Proofpoint ET Intelligence. MalNet enables incident responders, threat analysts, and law enforcement to identify and visualize malware connections in just seconds to expedite investigations, response, and malware protection.

Gargoyle Investigator MP

A DFIR Tool for Advanced Malware Detection. Gargoyle MP is the next generation of WetStone’s advanced malware discovery solution for computer forensic investigators and incident response teams. It is designed for forensic laboratories, law enforcement, field investigators, advanced private investigators, and enterprise cyber security personnel. Gargoyle performs a rapid search for malicious applications and provides significant clues regarding the activities, motives and intent of a suspect. Gargoyle MP is designed to simplify breach and malware triage investigation and incident response activities. Gargoyle MP enables users to perform a rapid search for known contraband, hostile programs and lost or leaked corporate assets.


IDA Pro

A state-of-the-art binary code analysis tool from Hex-Rays. IDA Pro can analyze binary code that was collected during forensic investigation. It can handle virtually any code that runs on modern processors, and its functionality can be extended with custom scripts and plugins. This makes it especially useful when analyzing heavily obfuscated code. IDA has been relentlessly battle-tested in the field against real-world malware, which has made it the tool of choice for many CERT organizations.
