Fiscal Year:
2007
Title:
Zero Condition Toolkit: Memory Forensics Capability
Agency / Branch:
DOD / OSD
Contract:
FA8650-07-C-1205
Award Amount:
$749,885.00
Abstract:
ZCT is a volatile memory forensics capability. In Phase I, Pikewerks implemented cross-view detection to identify both known and unknown kernel rootkits, as well as other activity attempting to subvert the normal operation of the operating system. In Phase II, Pikewerks proposes to 1) expand collection of memory to include full RAM, hibernation storage, and RDMA/DMA; 2) expand characterization and analysis; and 3) dramatically improve the user interface. The proposed development will be primarily focused on creating a core ZCT capability, with three unique interfaces and plug-ins for specific customer bases. ZCT Red is similar in concept to the existing Phase I capability. Its purpose is to provide an interactive framework for forensics collection, reverse engineering, and debugging. ZCT Live is a stealthier, lighter-weight version that does not support debugging but instead integrates networked communication and analysis across nodes into the design. ZCT Recovery is a service that can allow a user to quickly recover from malware by cleaning static snapshots of memory to pristine, uninfected versions. All three variations are powered by a single core engine, which is described in the accompanying proposal.
Small Business Information at Submission:
PIKEWERKS CORP.
105 A Church Street Madison, AL 35758
EIN/Tax ID:
331040567
DUNS:
N/A
Number of Employees:
Woman-Owned:
No
Minority-Owned:
No
HUBZone-Owned:
No
Research Institution Information:
PURDUE UNIV.
CERIAS Program Office
656 Oval Drive
West Lafayette, IN 47907
Contact:
Eugene Spafford
Contact Phone:
(765) 494-7841
RI Type:
Nonprofit college or university