Radiography is a forensic tool that grabs as much information as possible from a Windows system.
It checks:
- Registry keys related to startup process
- Registry keys with Internet Explorer settings
- System Accounts and properties
- Startup files
- System services
- Hosts file contents
- TaskScheduler tasks
- Loaded System Drivers
- NetBios Shares
- Hidden Windows
- System processes running (and their location on disk, where it can be determined)
- Network information (open connections, listening ports, ...)
It also has unique features:
- When it identifies a process (running, or configured in registry keys, startup directories or the Task Scheduler), it checks the binary's hash against Team Cymru's Malware Hash Registry (MHR) service to identify potential threats
- RadioGraPhy does a process integrity test using 'WinUnhide' to catch hidden processes
- It dumps a copy of the Event Log and grabs a copy of the process binaries for later review
RadioGraPhy is open source (GPL license) and comes with a CLI version and a graphical frontend (please have a look at the Screenshots section).
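The MHR hash check described above, as an added example that is not part of Radiography's code: it hashes each discovered binary, builds the DNS name that Team Cymru's Malware Hash Registry answers over TXT records, and parses the answer (a hit carries the last-seen epoch and a detection percentage; an unknown hash gets NXDOMAIN). The resolver is injected so the script runs offline; `SAMPLE_BINARIES` and `FAKE_MHR` are constructed stand-ins for real process images and real DNS.

```python
import hashlib
import time
from typing import Callable, Dict, Optional

# Team Cymru's MHR is queried over DNS: <hex digest>.malware.hash.cymru.com TXT.
# A hit answers "<last-seen epoch> <detection percentage>"; an unknown hash answers NXDOMAIN.
MHR_ZONE = "malware.hash.cymru.com"


def sha1_hex(data: bytes) -> str:
    """SHA-1 of a binary's contents (MHR accepts MD5 and SHA-1 hex digests)."""
    return hashlib.sha1(data).hexdigest()


def mhr_query_name(digest: str) -> str:
    """Build the DNS name to query; reject anything that is not an MD5/SHA-1 hex digest."""
    digest = digest.strip().lower()
    if len(digest) not in (32, 40) or any(c not in "0123456789abcdef" for c in digest):
        raise ValueError("digest must be a hex MD5 or SHA-1")
    return f"{digest}.{MHR_ZONE}"


def parse_mhr_answer(txt: Optional[str]) -> Optional[Dict[str, object]]:
    """Turn a TXT answer into a record; None (NXDOMAIN) means the hash is not in the registry."""
    if txt is None:
        return None
    fields = txt.strip().strip('"').split()
    if len(fields) != 2 or not all(f.isdigit() for f in fields):
        raise ValueError(f"unexpected MHR answer: {txt!r}")
    last_seen = time.strftime("%Y-%m-%d", time.gmtime(int(fields[0])))
    return {"last_seen": last_seen, "detection_pct": int(fields[1])}


def check_binaries(binaries: Dict[str, bytes],
                   resolve_txt: Callable[[str], Optional[str]]) -> Dict[str, Dict[str, object]]:
    """Hash each discovered binary and look it up through the supplied TXT resolver."""
    report = {}
    for name, data in binaries.items():
        digest = sha1_hex(data)
        hit = parse_mhr_answer(resolve_txt(mhr_query_name(digest)))
        report[name] = {"sha1": digest, "mhr": hit,
                        "verdict": "known to MHR" if hit else "not in MHR"}
    return report


# Constructed sample: two fake "process binaries" and a fake resolver standing in for real DNS.
SAMPLE_BINARIES = {"svchost.exe": b"constructed benign sample", "updater.exe": b"constructed suspicious sample"}
FAKE_MHR = {mhr_query_name(sha1_hex(SAMPLE_BINARIES["updater.exe"])): "1277221946 79"}

if __name__ == "__main__":
    for name, row in check_binaries(SAMPLE_BINARIES, FAKE_MHR.get).items():
        print(name, row["sha1"], row["verdict"], row["mhr"])
```

For live use, pass a resolver that performs the TXT lookup (for instance dnspython's `dns.resolver.resolve(name, "TXT")`) and returns `None` on NXDOMAIN; a hit only tells you the registry has seen that hash, so the detection percentage and last-seen date still need an analyst's review.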