Zero Condition Toolkit: Memory Forensics Capability

Award Information
Agency: Department of Defense
Branch: Air Force
Contract: FA8650-07-C-1205
Agency Tracking Number: O064-NC4-1011
Amount: $749,885.00
Phase: Phase II
Program: STTR
Awards Year: 2007
Solicitation Year: 2006
Solicitation Topic Code: OSD06-NC4
Solicitation Number: N/A
Small Business Information
PIKEWERKS CORP.
105 A Church Street, Madison, AL, 35758
DUNS: 152119025
HUBZone Owned: N
Woman Owned: Y
Socially and Economically Disadvantaged: N
Principal Investigator
Name: Sandra Ring
Title: Principal Investigator
Phone: (256) 325-0010
Email: sandy@pikewerks.com
Business Contact
Name: Michael Ring
Title: COO
Phone: (256) 325-0010
Email: michael@pikewerks.com
Research Institution
Name: PURDUE UNIV.
Contact: Eugene Spafford
Office: CERIAS Program Office
Address: 656 Oval Drive, West Lafayette, IN, 47907
Phone: (765) 494-7841
Type: Nonprofit college or university
Abstract
ZCT is a volatile memory forensics capability. In Phase I, Pikewerks implemented cross-view detection to identify both known and unknown kernel rootkits, as well as other activity attempting to subvert the normal operation of the operating system. In Phase II, Pikewerks proposes to 1) expand memory collection to include full RAM, hibernation storage, and RDMA/DMA; 2) expand characterization and analysis; and 3) dramatically improve the user interface. Development will focus primarily on creating a core ZCT capability, with three distinct interfaces and plug-ins for specific customer bases. ZCT Red is similar in concept to the existing Phase I capability: it provides an interactive framework for forensic collection, reverse engineering, and debugging. ZCT Live is a stealthier, lighter-weight version that does not support debugging but instead integrates networked communication and analysis across nodes into the design. ZCT Recovery is a service that allows a user to quickly recover from malware by cleaning static snapshots of memory back to pristine, uninfected versions. All three variations are powered by a single core engine, which is described in the accompanying proposal.

* information listed above is at the time of submission.