StreamArmor v1.0 the advanced forensics tool released

StreamArmor is the sophisticated tool for discovering hidden alternate data streams (ADS) as well as clean them completely from the system. It’s advanced auto analysis coupled with online threat verification mechanism makes it the best tool available in the market for eradicating the evil streams

StreamArmor has built-in advanced file type detection mechanism which examines the content of file to accurately detect the file type of stream. This makes it great tool in forensic analysis in uncovering hidden documents/images/audio/video/database/archive files within the alternate data streams. StreamArmor is the standalone, portable application which does not require any installation. It can be copied to any place in the system and executed directly.

GIF - 11.6 kb

Feature Highlights of StreamArmor

  • Fast, multi threaded ADS scanner to quickly and recursively scan entire computer or drive or just a folder.
  • ’Snapshot View’ for quick identification of selected stream and faster manual analysis.
  • Option to ’Ignore Known and Zero Streams’ which automatically ignores all known streams (such as Zone.Identifier) and streams with zero size, thus greatly reducing time and effort involved in manual analysis.
  • Advanced stream file type detection which analyzes internal content of file to detect the real file type rather than just going by the file extension. Here is the list of some of the major file type categories detected by StreamArmor
  • Executable File Type (EXE, DLL, SYS, COM, MSI, CLASS)
  • Archive File Type (ZIP, RAR, TAR, GZ, COM)
  • Audio File Type (MP3, WAV, RA, RM, WMA, M3U)
  • Video File Type (WMV, AVI, MPEG, MP4, SWF, DIVX, FLV, DAT, VOB, MOV)
  • Database Type (MS ACCESS)
  • Document Type (PDF, XML, DOC, RTF, All MS Office old & new formats)
  • Sophisticated ’Auto Threat Analysis’ based on heuristic technology for identifying anomaly in the discovered streams based on the characteristics and patterns.
  • ’Online Threat Verification’ to check for presence of Virus or Rootkit in the suspicious stream using any of the following prominent online websites.
  • VirusTotal (www.VirusTotal.com)
  • ThreatExpert (www.ThreatExpert.com)
  • MalwareHash (www.MalwareHash.com)
  • Representation of streams using color pattern based on threat level makes it easy and fast for human eye to distinguish between suspicious streams from normal ones.
  • Parallel analysis of discovered streams during the scanning process, allows user to start with analysis immediately without waiting for entire scanning operation to be completed.
  • View the entire content of selected stream using the configured third party application. In fact user can configure different applications for normal & executable stream file.
  • Save the selected stream file content to a disk, or USB drive or DVD for further analysis.
  • Delete the selected alternate data stream from its base file or folder.
  • Execute/Run the selected executable stream file for analyzing its malicious nature in virtual environments such as VMWare.
  • Dynamic performance tuning mechanism by adjusting the ADS scan thread count [only for advanced users].
  • Sort feature to arrange the scanned streams based on its name/threat level/content type/size.
  • Export the entire list of discovered streams to a disk file in HTML format for offline analysis.

Post scriptum

Compliance Mandates

  • Forensics :

    PCI DSS 10.2, 12.9, A.1.4*, SOX DS7, HIPAA 164.308(a)(1) and (a)(6), FISMA IR-7, ISO 27001/27002 13.2.1, 13.2.3
    *Shared Hosting Providers Only


Related Articles

Forensics
Malware Scanner
StreamArmor