AUMFOR - Automated Memory Forensic
AUMFOR (Automated Memory Forensic) is a GUI-based tool that helps forensic investigators by performing complex and tedious work automatically. It also analyzes the dump and gives accurate final reports about the possible use of malware in committing a crime.
AUMFOR is built with Django (a Python web framework) and uses Volatility to perform memory forensics. AUMFOR uses VirusTotal for its virus scan feature.
Upload Dump
A memory dump can provide unique insights into runtime system activity, including open network connections and recently executed commands or processes. AUMFOR requires a zipped file of a valid memory dump to investigate and perform memory forensics. You can upload a valid zipped memory dump.
Identify Suspicious IP and Port
Most malware, including ransomware, is network based and works as a botnet. Such malware mostly needs to connect to its origin developer or control centre to execute the next command or to send important or confidential information. To accomplish such communication, malware uses an open IP address with a port. To identify such open IPs and ports, AUMFOR analyzes the network connections in the given dump. It gives you all possible and necessary details for identifying a malicious IP or port.
Map Process with Suspicious IP
Any malicious IP or port that is found can easily be linked with its associated process. Please note that the process described above may become difficult for regular forensic investigators if they manually check each IP, port and process for malware. AUMFOR plays a very important role by performing it automatically.
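The connection-to-process mapping described above, as an added example that is not AUMFOR's own code. It assumes the text column layout of Volatility 2 `netscan` output; the sample rows, the process name `updater.exe`, the `INTERNAL` range list and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample in the column layout of Volatility 2 `netscan` output.
SAMPLE = """\
Offset(P)   Proto  Local Address        Foreign Address    State        Pid   Owner        Created
0x3e1c5a10  TCPv4  192.168.1.10:49162   203.0.113.45:4444  ESTABLISHED  1484  updater.exe
0x3e2d1cf0  TCPv4  0.0.0.0:135          0.0.0.0:0          LISTENING    716   svchost.exe
0x3e2f8820  TCPv4  192.168.1.10:49170   192.168.1.1:445    ESTABLISHED  4     System
0x3e3f0010  UDPv4  0.0.0.0:5355         *:*                             1100  svchost.exe  2020-01-01 10:00:00 UTC+0000
0x3e4a7730  TCPv4  192.168.1.10:49188   198.51.100.7:8080  CLOSE_WAIT   1484  updater.exe
"""

# Ranges treated as internal (assumption: RFC 1918, loopback, link-local).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def is_external(host):
    """True for a remote address that parses and lies outside INTERNAL."""
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:          # e.g. '*' on UDP rows
        return False
    if ip.is_unspecified:       # 0.0.0.0 / :: on listening sockets
        return False
    return not any(ip in net for net in INTERNAL)

def external_endpoints_by_process(netscan_text):
    """Group external TCP remote endpoints by (pid, owner)."""
    result = defaultdict(list)
    for line in netscan_text.splitlines():
        f = line.split()
        # TCP rows: offset, proto, local, foreign, state, pid, owner
        if len(f) < 7 or not f[1].startswith("TCP") or not f[5].isdigit():
            continue
        host, _, port = f[3].rpartition(":")
        if port.isdigit() and is_external(host):
            result[(int(f[5]), f[6])].append((host, int(port), f[4]))
    return dict(result)

if __name__ == "__main__":
    for (pid, owner), conns in external_endpoints_by_process(SAMPLE).items():
        for host, port, state in conns:
            print(f"pid={pid} {owner}: {host}:{port} [{state}]")
```

The output is a shortlist of processes with external connections for the investigator to review, not a verdict that any of them is malicious.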
Scan Suspicious Process and Associated Entities
AUMFOR provides a feature for scanning an individual process file for viruses, worms, Trojans and all kinds of malware. AUMFOR uses VirusTotal to perform the scan. AUMFOR does all the background work for the scan and gives you a final report of the result.