Microsoft has launched a Free Memory Forensics and Rootkit Detection Service for Linux

Microsoft has just launched a free online service, Project Freta, aimed at discovering forensic evidence on Linux systems. With this service you will be able to dig up hard-to-find rootkits and malware.

Microsoft free memory forensics rootkit detection service

The project is named after the birthplace of Marie Curie, the pioneer of X-ray imaging, which was first used during World War 1.

Microsoft has taken this initiative to enable small and large enterprises to find hidden malware and kernel rootkits with a click of a button. All you need to do is upload your Linux VM snapshot file to the project portal and it will return the results automatically. There is 'zero' setup required. The project supports over 4000 kernel versions.

The online analysis portal is available for public use on this address: https://freta.azurewebsites.net/

The portal currently supports a number of types of memory snapshots as inputs.

You can:

  • Utilize the Hyper-V checkpoint feature to generate a VMRS file
  • Convert a VMware snapshot to generate a CORE file
  • Extract memory from a running system by leveraging AVML
  • Extract memory from a running system using LiME
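
A LiME dump is a sequence of physical-memory ranges, each preceded by a 32-byte header (magic `EMiL`, version, inclusive start and end address, 8 reserved bytes). The following added example (not Freta's or LiME's own code; the header layout is taken from LiME's `lime.h`) parses such a dump and rejects a corrupt or truncated one, which is a useful sanity check on a capture before uploading it to the portal. The sample dump is constructed in the script.

```python
import struct

# LiME per-range header: magic, version, start addr, end addr, 8 reserved bytes.
LIME_HEADER = struct.Struct("<IIQQ8s")
LIME_MAGIC = 0x4C694D45  # appears on disk as the ASCII bytes b"EMiL"

def parse_lime(data: bytes):
    """Return a list of (start, end, payload_len) for every range in a LiME dump.
    Raises ValueError on a bad magic, unsupported version or truncated range."""
    ranges, off = [], 0
    while off < len(data):
        if len(data) - off < LIME_HEADER.size:
            raise ValueError(f"truncated header at offset {off}")
        magic, version, s_addr, e_addr, _ = LIME_HEADER.unpack_from(data, off)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic {magic:#x} at offset {off}")
        if version != 1:
            raise ValueError(f"unsupported LiME version {version}")
        if e_addr < s_addr:
            raise ValueError(f"range end {e_addr:#x} precedes start {s_addr:#x}")
        length = e_addr - s_addr + 1  # LiME end addresses are inclusive
        off += LIME_HEADER.size
        if len(data) - off < length:
            raise ValueError(f"range {s_addr:#x}-{e_addr:#x} is truncated")
        ranges.append((s_addr, e_addr, length))
        off += length
    return ranges

def make_lime(ranges):
    """Build a constructed LiME dump from (start, payload bytes) pairs (test data only)."""
    out = b""
    for start, payload in ranges:
        out += LIME_HEADER.pack(LIME_MAGIC, 1, start, start + len(payload) - 1, b"\0" * 8)
        out += payload
    return out

# Constructed sample: two physical ranges with a gap between them, as a real dump
# shows wherever the machine's physical memory map has a hole.
SAMPLE = make_lime([(0x1000, b"A" * 4096), (0x100000, b"B" * 8192)])

if __name__ == "__main__":
    for s, e, n in parse_lime(SAMPLE):
        print(f"range {s:#010x}-{e:#010x} ({n} bytes)")
```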

Once you have uploaded the snapshot to the portal for analysis, it will generate a report almost instantly. The report is accessible via the portal and also via the REST and Python APIs.

Project Freta

The report enumerates the following types of objects from the snapshot images:

  • Debug processes
  • Global addresses and values
  • Kernel modules
  • Files residing inside the memory
  • Kernel interrupt table
  • Network configurations
  • Open files
  • Kernel syscall table
  • Processes
  • Open sockets
  • Unix sockets

This free service will surely pave the way for open source advanced malware detection systems. Small companies can benefit a lot from it, considering the present cost of acquiring the skills and of traditional paid software services.


About the Author: Umair

Umair specializes in System Administration (Windows, Linux), Network Security, Cyber Security and other Technology areas including Web Development Frameworks (ReactJS, NodeJS, MongoDB). He is passionate about helping people with all sorts of technical problems.
