Zero Condition Toolkit: Memory Forensics Capability

Award Information
Agency:
Department of Defense
Branch:
Office of the Secretary of Defense
Amount:
$749,885.00
Award Year:
2007
Program:
STTR
Phase:
Phase II
Contract:
FA8650-07-C-1205
Award Id:
78116
Agency Tracking Number:
O064-NC4-1011
Solicitation Year:
n/a
Solicitation Topic Code:
n/a
Solicitation Number:
n/a
Small Business Information
PIKEWERKS CORP. (Currently Pikewerks Corporation)
105 A Church Street, Madison, AL, 35758
Hubzone Owned:
N
Minority Owned:
N
Woman Owned:
N
Duns:
152119025
Principal Investigator:
Sandra Ring
Principal Investigator
(256) 325-0010
sandy@pikewerks.com
Business Contact:
Michael Ring
COO
(256) 325-0010
michael@pikewerks.com
Research Institution:
PURDUE UNIV.
Eugene Spafford
CERIAS Program Office
656 Oval Drive
West Lafayette, IN, 47907
(765) 494-7841
Nonprofit college or university
Abstract
ZCT is a volatile memory forensics capability. In Phase I, Pikewerks implemented cross-view detection to identify both known and unknown kernel rootkits and other activity attempting to subvert the normal operations of the operating system. In Phase II, Pikewerks proposes to 1) expand collection of memory to include full RAM hibernation storage and RDMA/DMA, 2) expand characterization and analysis, and 3) dramatically improve the user interface. The proposed development will be primarily focused on creating a core ZCT capability, with three unique interfaces and plug-ins for specific customer bases. ZCT Red is similar in concept to the existing Phase I capability. Its purpose is to provide an interactive framework for forensics collection, reverse engineering, and debugging. ZCT Live is a stealthier, lighter-weight version that does not support debugging, but instead integrates networked communication and analysis across nodes into the design. ZCT Recovery is a service that can allow a user to quickly recover from malware by cleaning static snapshots of memory to pristine, uninfected versions. All three variations are powered by a single core engine, which is described in the accompanying proposal.

* information listed above is at the time of submission.
