FileInsight v2.1 - Analyzing files in various formats

Secure Computing’s FileInsight helps to inspect and edit
files of various formats. It is specifically designed to aid in analysis of
potentially malicious files.

Opening Files

FileInsight allows to open files for analysis both directly from open the local harddisk, using the Open toolbar button, or by typing a URL into the Web toolbar and clicking the Get button (see screenshot below to the left). Files are displayed in either textual or hexadecimal format, which can be toggled easily via the View as Hex and View as Text toolbar buttons.

Navigating Binary Files

C/C++ data structure declarations (also see Structure Declarations on MSDN) can be directly imported into FileInsight. Simply click the Open toolbar button in the Structures window and choose the .h file to be opened.

Analyzing Data

The Values window displays different interpretations of the data at the current cursor position. A toolbar button allows to toggle between Little-Endian and Big-Endian byte order.

Scripting

Modification of a file’s content can be automated using the builtin JavaScript support (also see A re-introduction to JavaScript).

More information: here

Thanks to our friend, Ams, for sharing this tool with us.

Post scriptum

Compliance Mandates

  • Forensics :

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only


Comments

Related Articles

FileInsight
Forensics
Information Gathering
Local auditing