Microsoft has launched a Free Memory Forensics and Rootkit Detection Service for Linux

Microsoft has just launched a free online service, Project Freta, aimed at discovering forensic evidence on Linux systems. With this service you will be able to dig up hard-to-find rootkits and malware.


The project is named after the birthplace of Marie Curie, the pioneer of X-ray imaging, which was first introduced during World War 1.

Microsoft has taken this initiative in order to enable small and large enterprises to find hidden malware and kernel rootkits with just the click of a button. All you need to do is upload your Linux VM snapshot file to the project portal and it will give you automatic results. There is ‘zero’ setup required. The project supports over 4000 kernel versions.

The online analysis portal is available for public use on this address: https://freta.azurewebsites.net/

The portal currently supports a number of types of memory snapshots as inputs.

You can:

  • Utilize the Hyper-V checkpoint feature to generate a VMRS file
  • Convert a VMware snapshot to generate a CORE file
  • Extract memory from a running system by leveraging AVML
  • Extract memory from a running system using LiME

Once you have uploaded the snapshot to the portal for analysis, it will generate a report almost instantly. The report is accessible via the portal and also the REST and Python APIs.


The report enumerates the following types of objects from the snapshot images:

  • Debug processes
  • Global addresses and values
  • Kernel modules
  • Files residing inside the memory
  • Kernel interrupt table
  • Network configurations
  • Open files
  • Kernel syscall table
  • Processes
  • Open sockets
  • Unix sockets
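To show how a defender would use the objects listed above, here is an added example (not Project Freta's own code or API) that runs cross-view consistency checks over a report: a socket whose owning PID is missing from the process list, a syscall table entry pointing outside the kernel's text range, and a loaded module absent from a baseline. The JSON layout, address ranges and sample values are constructed for illustration and are not Freta's real schema.

```python
"""Cross-view consistency checks over a memory-forensics report (added example)."""
import json

# Constructed sample report; the field names are an assumption, not Freta's schema.
SAMPLE_REPORT = json.dumps({
    "kernel_text": {"start": "0xffffffff81000000", "end": "0xffffffff82000000"},
    "processes": [{"pid": 1, "name": "systemd"}, {"pid": 742, "name": "sshd"}],
    "sockets": [
        {"pid": 742, "local": "0.0.0.0:22"},
        {"pid": 1337, "local": "0.0.0.0:9999"},   # owner absent from process list
    ],
    "kernel_modules": [{"name": "ext4"}, {"name": "unknown_lkm"}],
    "syscall_table": {
        "sys_read": "0xffffffff81234560",
        "sys_getdents64": "0xffffffffc0a01230",   # resolves outside kernel text
    },
})


def find_anomalies(report_json, known_modules=frozenset({"ext4"})):
    """Return a list of (check, detail) tuples for findings worth triage."""
    r = json.loads(report_json)
    lo, hi = (int(r["kernel_text"][k], 16) for k in ("start", "end"))
    pids = {p["pid"] for p in r["processes"]}
    findings = []
    # Hidden process: a socket owned by a PID the process list does not show.
    for s in r["sockets"]:
        if s["pid"] not in pids:
            findings.append(("socket_without_process", f"pid {s['pid']} {s['local']}"))
    # Syscall hook: a table entry that resolves outside the kernel's own text.
    for name, addr in r["syscall_table"].items():
        if not lo <= int(addr, 16) < hi:
            findings.append(("syscall_outside_kernel_text", name))
    # Unexpected module: a loaded module not present in the baseline allow-list.
    for m in r["kernel_modules"]:
        if m["name"] not in known_modules:
            findings.append(("unknown_kernel_module", m["name"]))
    return findings


if __name__ == "__main__":
    for check, detail in find_anomalies(SAMPLE_REPORT):
        print(f"{check}: {detail}")
```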

This free service will surely pave the way for open source advanced malware detection systems. Small companies can benefit a lot from this new service, considering the present cost of acquiring skills and traditional paid software services.


About the Author: Umair

A self-learned Javascript developer specializing in Frontend and Backend frameworks including React.js, Redux, Node.js, Express, MongoDB. He has extensive industry experience as a Tech Support lead and System Administrator. Currently learning Web3, (Solidity, Hardhat, Ethers.js) Smart contracts development, testing and auditing.
