Status
Not open for further replies.

Nico@FMA

Level 27
hi,

thanks to Nvt, i had a very detailed private session to witness the new incoming release of FMA-IS , and i can say i am very impressed.

in addition to the process monitor ( with termination capabilities) and various checks (resulting in very detailed logs ) available in the earlier versions, FMA has now a real-time monitor (quite light on resources).
what does it do? in fact it monitors, logs then displays all changes happening to any files in the system, nothing can be hidden from it.

- Windows System Files are crosschecked against a legit list via several methods and any irregularities can then be pinpointed right-away.
- services are logged and reveal informations
- created/modified files are shown in the GUI with full path, so if you have a bit of knowledge , you can see if something is wrong.

the new release will satisfy advanced users and is more friendly to average ones.
Yeah it was good and exclusive.

So here is a little teaser:



Watch the resources on the test computer.
As you can see 28236k = 28Mb memory usage.
Given all the functions the program has and the additional function which are not yet shown its a big achievement to have such low usage.

Anyway more news to come.
 

Nico@FMA

Level 27
I have been advised to add this info to you all:

Just a little NOTE: As you can see there is still Kaspersky and Norton NPE in it.
These are unmodified full installations of their tools.
Its free and licensed by Kaspersky and Norton and NOT by FMA.
We have nothing to do with them program wise, so the fact that i added their tools is just because i wanted to add it so that just incase something goes wrong testers would have some tools to do emergency fixing.
So both tools are by NO means owned by FMA and are not being sold by FMA. And when the program reaches final stage these addons will be removed.
They are free products the only thing i did was bundle them within the software to make things easy for the time being.

Given the load of crap in the past about some software i was thinking let me make this VERY clear.
Also my program is 100% custom build there is NOTHING, not a single piece of code that i "we" did not make and there is not a single function that belongs to someone outside FMA.

Just wanted to make that very very clear.

Cheers
 

Nico@FMA

Level 27
FMA = HIPS ?


HIPS? no just monitoring capabilities to catch jumping malware and such, during the scans.
However its going to be a advanced program that at this very point has no equal.
Sounds bragging like, however market research has proven that already.
Anyway here is a new picture with added options yet still not finished but it is almost done.
 
Last edited:

Mateotis

Level 10
These days when organized cybercrime against corporations is becoming a big thing, the most effective way of combating them is by using forensic tools like this.

If you keep up development and eventually put it on sale, I do think it will be popular. :)
 

Nico@FMA

Level 27
Alright i think i need to explain some things here just to make sure that people do understand what this software is about.
Because when the new version is going to be released there will be enough people testing and playing around with this.
However for most people 80% of the functions go WAY beyond the scope of their knowledge and ability.

This software is user friendly to a point, as the result produced by this software is by no means user friendly.
The main program is a eye candy GUI with real time file /process monitoring and easy to use application that fetches ALL data as required by the "end" user and as defined by its search algorithm.
It fetches data from places where normal software just do not come...
The amount of data that is being collected is truly amazing and extremely detailed both RAW as polished data.
To give a example: It fetches RAW data about process X and executable X from over 20 different places.
This includes: User level, Admin Level, Authority Level, Protected Core Level, Kernel level and some other places which i am not going to name.

Now a file that has been injected, infected, corrupted and so on can be changed and made look valid in various places as todays cybercrime tools can manipulate the OS in such way that you can make it believe that ihackedyou.exe would be a hot blond.
Do NOT underestimate malware and hackers they can make windows sing the latest song of James Blunt if they wanted to.
Just by adding, changing, injecting and so on the files needed, and nothing you can do about it...
However there are places on the pc where windows with all its logging capacity will stash and hide info.
Usually for law enforcement, performance data gathering and for other reasons... what people fail to realize is that stupid windows does actually see everything and logs at least 99.9% where your performance logs and such can only see 30%.
My program can see the full 100% of every bit of data since the very first day the computer did go live.
Yes it can even look into the remnant files on your deleted partition...And yes it can recover virtually everything, regardless who is responsible for deleting it.
On a clients computer i recovered data from over 5 years ago on the pc.
Sure the data is not usable by you, its just data.
However to a forensic specialist like me or people from my team this is a road map to what happened and how it did happen and when and even in some cases by who.
So to you its all mumbo jumbo, to me its a track record where on the end of the line awaits a conclusion which will lead me to a job well done...

And yes i agree that the logs are by no means eye candy in terms of structure as they are for the most part RAW.
And yes there is a reason for it.
Windows itself would stop my program dead in its tracks if it knew what my program actually does, because the functions i am using are virtually not documented, windows handbook does not say: Process X is the key to a build in journal that law enforcement can read out to see if you downloaded dirty pictures...
Really?
No i do not think so.
Yet many of the functions access service level and authority level sources, and they cannot be corrupted, as data is not rewritten.

For example:

yesterday file X is called: process.exe
today file x is called: process-hacked.exe
tomorrow file x is called: Bigfattrojan.exe

Normally a OS just rewrites the name and everything else and keeps minor logs about the event.
But services and authority level actually do not rewrite data, but it adds a new entree next to the existing data.
Which means you can see every change, access and other events about File X Process.exe

Now i understand that there are rootkits like cryptologger and other nasty ones and there is nothing my program can do against malware and such, it has not been written to avoid and block things... even tho is does have incredible AV capabilities due to the nature of the logs after all you can by hand follow every move and change a file made so yes Crypto and others can be detected IF one knows what to look for within the logs. Umbra has pointed out in his review that my program is NOT a anti malware but it certainly does detect it, well windows does my program only interrogates windows lol (Water boarding: Talk bitch TALK to FMA <evilgrins>.... *^%*%^^& what was that windows? lmao
But again thats a nice side bonus as the program itself was never written with that in mind.
People need to understand this is AFTER the crime software, this is software that its going to be used by high level technicians and savvy admins SO YOU as the average Joe would not be able to make heads or tails from it and thats ok.
I just give you a fair warning so you guys know what its all about so you can choose:

1 Fancy looking logs but less accurate data (Pick windows logs).
2 If you want real data use my program... but its not fancy and the logs are RAW and not sugar coated.


Forensic software does not play nice... and so are hackers.

So leave your comments, questions and idea's
I will be happy to reply to your questions.

Cheers
 
Last edited:
D

Deleted member 178

Yep my first impression when i saw FMA logs was "damn it , i will lost my sight by digging into them" but after some lines i thought "holy **** , it is damn accurate"

For forensic specialist and other malware remover , FMA is at a level comparable (and even superior) to OTL.
 

Nico@FMA

Level 27
Yep my first impression when i saw FMA logs was "damn it , i will lost my sight by digging into them" but after some lines i thought "holy **** , it is damn accurate"

For forensic specialist and other malware remover , FMA is at a level comparable (and even superior) to OTL.
Yes that was FMA first and second edition, however this version is way past its older versions.
For example the version which is on-line available is just a fraction of what it has become, i intended to release it yesterday however due to some additional tasks and problems i will try today or by the end of this week. And i am aware of the fact that there are tools that might be on the same level as my program but then on a individual level, but as a centralized program it has no equal, and without bragging i can honestly claim that the next version which will be ready today, tomorrow or end this week will make the program look like star wars compared to the older version, the technological gap between these 2 versions is bigger then the distance to the moon (Capability wise).
In regards to OTL and similar programs they are specific tools for a specific use and are household names, and i would not want to discredit them as they have a proven record my program can only dream of yet.
However capability wise OTL and others eating dust.
@Umbra Polaris and @BoraMurdar both have seen the new version in a test drive exclusive preview, they can speak for them selfs to what they have seen so far, i have also told both somethings that soon will be implemented, so the claim i made in the above piece is really not bragging.
Obviously OTL and similar tools have earned their marks and thats good as they are fantastic in every way and they do a awesome job.
However my program can be considered as the next generation as its aimed at the next generation of Internet crime and malware.
As i said before FMA Intel-Secure is NOT going to play nice, it will fight dirty, it will fight cheap but boy o boy will it be effective.
And thats a promise.. So check here or go directly to our webpage

Cheers
 
Last edited:
Status
Not open for further replies.