Zero Condition Toolkit: Memory Forensics Capability

Award Information
Agency:
Department of Defense
Branch:
Air Force
Amount:
$749,885.00
Award Year:
2007
Program:
STTR
Phase:
Phase II
Contract:
FA8650-07-C-1205
Agency Tracking Number:
O064-NC4-1011
Solicitation Year:
2006
Solicitation Topic Code:
OSD06-NC4
Solicitation Number:
n/a
Small Business Information
PIKEWERKS CORP.
105 A Church Street, Madison, AL, 35758
Hubzone Owned:
N
Socially and Economically Disadvantaged:
N
Woman Owned:
Y
Duns:
152119025
Principal Investigator:
Sandra Ring
Principal Investigator
(256) 325-0010
sandy@pikewerks.com
Business Contact:
Michael Ring
COO
(256) 325-0010
michael@pikewerks.com
Research Institution:
PURDUE UNIV.
Eugene Spafford
CERIAS Program Office
656 Oval Drive
West Lafayette, IN, 47907
(765) 494-7841
Nonprofit college or university
Abstract
ZCT is a volatile memory forensics capability. In Phase I, Pikewerks implemented cross-view detection to identify both known and unknown kernel rootkits, as well as other activity attempting to subvert the normal operation of the operating system. In Phase II, Pikewerks proposes to 1) expand memory collection to include full RAM, hibernation storage, and RDMA/DMA acquisition, 2) expand characterization and analysis, and 3) dramatically improve the user interface. The proposed development will focus primarily on creating a core ZCT capability, with three distinct interfaces and plug-ins for specific customer bases. ZCT Red is similar in concept to the existing Phase I capability; its purpose is to provide an interactive framework for forensic collection, reverse engineering, and debugging. ZCT Live is a stealthier, lighter-weight version that does not support debugging but instead integrates networked communication and analysis across nodes into the design. ZCT Recovery is a service that allows a user to recover quickly from malware by cleaning static snapshots of memory back to pristine, uninfected versions. All three variations are powered by a single core engine, which is described in the accompanying proposal.

* information listed above is at the time of submission.
