FMA Intel-Secure: (CCSU PR-Guard) Edition 2014 Official Release

Status
Not open for further replies.

Arakasi

Level 4
Verified
Jul 12, 2014
195
Hello everyone, just downloaded.
Very powerful tool.
In the coming weeks i will be keeping my eye out for some real live in the field testing and scenario opportunities.
My company provides forensic analysis of computers, mobile devices, and networks for customers every week.
Stay tuned. :)
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Hello everyone, just downloaded.
Very powerful tool.
In the coming weeks i will be keeping my eye out for some real live in the field testing and scenario opportunities.
My company provides forensic analysis of computers, mobile devices, and networks for customers every week.
Stay tuned. :)

O noesss... do not let us wait for a few weeks... hurry hurry hurry i cannot wait hyper HYPER.
LMAO
 
  • Like
Reactions: Arakasi

Littlebits

Retired Staff
May 3, 2011
3,893
Nice tool, I really like the Realtime File Monitor logs.
Kind of reminds me of ProcessGuard by Diamond CS which was discontinued.

Enjoy!! :D
 
  • Like
Reactions: Nico@FMA

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Bora , you will pass from Bora Murdar to Bora Murdered :D
so-we-meet-again.jpg
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
LOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOL omg just woke up and did fire up the computer and first thing i see is this picture. I nearly did shoke on my coffee specially because my kid was playing next to me on the sofa... And he makes this face seeing me laughing... and i am almost crying of fun tears here..
Lmao priceless...
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Update revision 7.1.8.2

Buttons will be numbered so people understand the sequence.
Various cosmetic changes.
Memory leak fixes.
Treading streamlining.
Hard drive sector handling optimization.
HASH calculation optimization tweaks.
And a number of minor tweaks and fixes.

That said and now the biggest feature of all.

PPA (Point to Point analysis & cross referencing) for the following extensions:

DLL = Dynamic-link library
EXE = Executable
SYS = System file
BAT = Batch file
VBS = Visual Basic Script
DAT = Data file
TXT = Text file
CONF = Configuration file
BIN = Binary file
XML = Extensible Markup Language
INI = Initialization file
DRV = Driver file
OCX = Object Linking and Embedding (OLE) Control Extension
CAT = Windows Catalog File
COM = Command File
AX = Video filter file
MSC = Management Console Snap-in Control File
CPL = Windows Control Panel file
MSI = Structured Storage & Installer package
CAB = Cabinet file
INF = Information file
LOG = Log file
DB = Database file
BAK = Backup file
JS = Java script
TMP = TEMP file
XLS = Spreadsheet format file
LOCK = Microsoft's .NET Framework file
SWF = Shockwave Flash file
FLV = Flash video file
DMP = Dump file
BLF = CLFS Base Log File
HTML = Hypertext Markup Language File
DOC = Document file
RTF = Word file
PDF = Portable Document Format File
GIF = Graphical Interchange Format File
JPG = Image file
BMP = Bitmap file
MP3 = MPEG audio file
AVI = Audio Video Interleave file
WAV = Waveform Audio file

: If you would like a extension being added that is not yet on the list then please reply to the topic with a solid motivation why you think the extension would be useful to be added. And i will study case by case if i will add it.

The new function will be implemented today and is almost finished.
I will notify you guys when i upload it.

Enjoy cheers
 
Last edited:
  • Like
Reactions: Deleted member 178

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Update revision 7.1.8.2

Buttons will be numbered so people understand the sequence.
Various cosmetic changes.
Memory leak fixes.
Treading streamlining.
Hard drive sector handling optimization.
HASH calculation optimization tweaks.
And a number of minor tweaks and fixes.

That said and now the biggest feature of all.

PPA (Point to Point analysis & cross referencing) for the following extensions:

DLL = Dynamic-link library
EXE = Executable
SYS = System file
BAT = Batch file
VBS = Visual Basic Script
DAT = Data file
TXT = Text file
CONF = Configuration file
BIN = Binary file
XML = Extensible Markup Language
INI = Initialization file
DRV = Driver file
OCX = Object Linking and Embedding (OLE) Control Extension
CAT = Windows Catalog File
COM = Command File
AX = Video filter file
MSC = Management Console Snap-in Control File
CPL = Windows Control Panel file
MSI = Structured Storage & Installer package
CAB = Cabinet file
INF = Information file
LOG = Log file
DB = Database file
BAK = Backup file
JS = Java script
TMP = TEMP file
XLS = Spreadsheet format file
LOCK = Microsoft's .NET Framework file
SWF = Shockwave Flash file
FLV = Flash video file
DMP = Dump file
BLF = CLFS Base Log File
HTML = Hypertext Markup Language File
DOC = Document file
RTF = Word file
PDF = Portable Document Format File
GIF = Graphical Interchange Format File
JPG = Image file
BMP = Bitmap file
MP3 = MPEG audio file
AVI = Audio Video Interleave file
WAV = Waveform Audio file

: If you would like a extension being added that is not yet on the list then please reply to the topic with a solid motivation why you think the extension would be useful to be added. And i will study case by case if i will add it.

The new function will be implemented today and is almost finished.
I will notify you guys when i upload it.

Enjoy cheers

Due to a Unexpected problem this release is being put on hold for further investigation.
In the final test it has been shown that this module did have unintended side effects, some commands where not correctly executed.
While the module does work and the end result is exactly as written, i have taken the decision to halt the release as i want the code to be smooth and clean.

Cheers
 
  • Like
Reactions: Deleted member 178

Plasmadragon

Level 1
May 26, 2014
11
Due to a Unexpected problem this release is being put on hold for further investigation.
In the final test it has been shown that this module did have unintended side effects, some commands where not correctly executed.
While the module does work and the end result is exactly as written, i have taken the decision to halt the release as i want the code to be smooth and clean.

Cheers

Slap a hotfix on it n.nvt ;)
 

Plasmadragon

Level 1
May 26, 2014
11
Hello everyone, just downloaded.
Very powerful tool.
In the coming weeks i will be keeping my eye out for some real live in the field testing and scenario opportunities.
My company provides forensic analysis of computers, mobile devices, and networks for customers every week.
Stay tuned. :)

lol, if it ends up you guys really love it you would end up being n.nvt's first documented in-forum company consumer :D
 

Moose

Level 22
Jun 14, 2011
2,271
Greeting!:)

Let us know when there are versions for Windows 8 and Windows 8.1 X64 Bits Operating System!
Looking forward to the Home Versions!:cool:

Best regards

"However i am willing to make a windows 8 version for home users but thats going to take time as i really have to change ALOT because user friendlyness is going to be a big issue. Next to that Windows 8 has lost MUCH functionality in this field so its also going to require extensive research.":cool:
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Greeting!:)

Let us know when there are versions for Windows 8 and Windows 8.1 X64 Bits Operating System!
Looking forward to the Home Versions!:cool:

Best regards

"However i am willing to make a windows 8 version for home users but thats going to take time as i really have to change ALOT because user friendlyness is going to be a big issue. Next to that Windows 8 has lost MUCH functionality in this field so its also going to require extensive research.":cool:

Yes a windows 8 version might be at the horizon, yet the program itself is aimed at the industry and it functions are also written with the industry in mind, Windows 8 is NOT being used within the industry as Windows 8 is a massive, epic costly fail and from what i have noticed within the industry is that companies would LOVE to hold on to XP or Windows 7 in this case as there is nothing but problems windows 8 can offer them.
Also the alleged surveillance and other big brother type of functions within Windows 8 will stop companies using it.
Hence why its rumored that windows 9 is being made which is to some a upgraded windows 8 but then with the functionality windows xp and 7 did have so that MS can tackle the HUGE loss they are taking with Windows 8.
And while i want to satisfy my own costumers i really do not see my program be a + to windows 8, specially because windows 8 is basically a brain death OS.
In terms of options and such Windows 7 is far more capable. As i said it remain to be seen what i will do.
Another issue is that While windows 8 is suppose to be so much more advanced then windows 7 it is very weak in terms of real security.
Sure from a home perspective it has way more to offer then Windows 7, but for a company Windows 8 is just a liability.

I could give you the example of last week, last week at clients company we installed 10 client PC's with Windows 8 and we did have a MS server taking care of them, in Admin mode.
Well boy o boy it was bad...
Usually the company network blocks around 10/100 targeted malware attacks and on average over 20000 rule based attacks every so odd couple of hours. As the company has a massive world wide network and is on a triple A hitlist by cyber criminals (If a cyber criminal is going to hack a company for technological and personal gain then our client is certainly on the list to be attacked.
According to the Security within the OS itself everything was suppose to be squeaky clean, but after close up investigation it turns out Windows 8 was being ripped to pieces from the inside out.
I tell you what i have not yet come across a OS that is so well rounded for home use (granted!) yet on the same time i did not come across a OS yet that has such a weak internal security as windows 8 from a industrial perspective.
Also the amount of traffic generated by Windows 8 is 6 times as much then all other previous versions, and if you block that traffic or try to turn it off then Windows 8 crashes.
So where is this traffic going? Make a educated guess!!!!
Needless to say the company demanded that we stop the test and remove Windows 8 from the test computers.
I quote: "I do not want Windows 8 CD within 100 meters from any PC because its so malicious that it even would manage to infect the system with MS fail while not even being installed."
And to me personally this comes from the CEO of one of our massive clients, they have 15 times more computers and servers worldwide running then MS itself. (Not going to say names) period)
Me and my team have proven that Windows XP SP3 and Windows 7 SP1 have both more standoff and far better security (when hardened and tweaked) then windows 8 as it is a 100% fail at that point there is absolutly nothing windows 8 has to offer for any company with more then 1 computer!!!!. And totally hyped in many ways. But then again if you talk to sources within the MS company then this is painfully clear, as there are more possible bugs within windows 8 and more unforeseen problems then on, XP, VISTA and Windows 7 combined.
So go figure.

In regards to the hotfix i am making , it is ready, i just did not find the time yet to compile it into the new version.
I might do that today.... So stay tuned for a update.
 
  • Like
Reactions: Cch123 and Moose

Mateotis

Level 10
Verified
Well-known
Mar 28, 2014
497
Well, what can I say? If knowledge really is power, this program can make you a god. :)
 
  • Like
Reactions: Moose

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Well, what can I say? If knowledge really is power, this program can make you a god. :)
@Mateotis
@Umbra Polaris
Well i am not sure if the program can make me god, in fact i hope not as he is the last person i would like to be.
Its hard enough to be myself lol.
That said the program can and will list whatever data there is to gather.
Sure its most of it is in simple TXT format, but this is for a reason as there are 2 other components that are delivered as standalone tools which can make sense out of the TXT files. But they are not going to be released in public.
The log files contain mostly raw data which will dazzle you, but with the right tools and additional third part tools the program really becomes magic.
It has never been designed to operate alone and neither has it been designed to replace other programs.
From a forensic perspective there is no such thing as to many tools, there is no such thing as can do it all, and there is no such thing as to much data.
The problem is that nowadays malware and intrusions have become pretty much military grade in many ways.
Even simple rootkit and bootkits have techniques build in that a few years ago where only available to MIT and Harvard type specialists.
These days even my little son could create a high quality malware that will cause havoc.
I mean look around on some of these malware sites they pretty much allow you with a bit of reading to make malware that will haunt the Windows user for the next 3 to 4 years before a cure can be found.
Same goes for industrial cyber espionage, hacking, corruption and malware... the level of technological skill involved to create high end hacking software has gone up considerably while the effort to obtain this skill and tools to create these tools have gone down.
To give you a example its 100 times more easy to get yourself a seriously good hacking AIO package then to get a gun.
Where 10 years ago the average malware was just a piece of code what essentially changed the way windows functions worked, they now do the same but in so much detail and technological skill that one can only admire those who come up with this crap.
And yet if anyone want to get into the hacking industry, you do not need a extensive knowhow. The only thing you need is a PC + Internet connection and a bit of time to gather the right tools. read some tuto's and download some samples and everything suddenly becomes almost just as easy as installing windows.
So from a forensic perspective older tools are still house hold tools that every forensic investigator would use, however there is a serious need for specialized tools that generate data. Simple said there are only 3 tools on the planet that generate data to the level of court grade logs. My program is as i mentioned very simple yet its logging and data collection while being a centralized program is unmatched and in many ways the next generation.
I am not saying this to make my program look good, as it does not to be honest... but its logging and data collection really does do the trick. The program 1 part out of a set of 3 (the last 2 components are never going to be released as i said and they are custom made for certain networks that are common within the industry) As my program can do a lot, but for some configurations it needs additional help.
On one hand its not a exact science and yet it is exact because anything less then exact would render the data useless.
Hence why this is such a difficult industry specially if you take into account the latest developments within the hacking industry.
So yes while my program is a NG type of software it is by no means god and neither can it make any investigator god.
However it does provide some very needed additional tools that will speed up investigations and will be able to process more data faster and more accurate and thats something completely new within the industry.
There are loads of tools out there but none of them come even close to the level of quality, speed and accuracy not to mention that there are only a few tools that could on paper look as deep within the OS as my program can.
That said its not going to end here, currently i am talking to 3 companies who are world class (not saying names) to pool or expertise and start working together in terms Investigations, R&D, Training and Certification.
Obviously this has been planned even before i started my own company, as i have been working with some of these companies for years now. The team that FMA can utilize are specialists from various companies that work together on a case by case situation based upon expertise and needs. This has been a Industry standard we have been using for what? 8 years now or so.
However now we want to expand that and start officially do something and bundle the resources.
So one way or another i am going to do this, i have been doing it and my software and that of others within our team and partners is just a small part of a much bigger thing.
The need for credible capability within the cyber forensic world is HUGE and the demand is even more HUGE for quality software, not to mention the amount of malware and on-line crime is skyrocketing. Ask anyone within the Internet security world, and you will see that there are so much needs and so few credible capability to combat this.
So yeah a years ago i see this happen, i see where things where going to go... so hence why i jumped into that gap.
Not trying to be a hero here, and neither do i have the ambition to be a world leader within this specific branch.
But if i only can make things more easy for our own clients and partners and if we just can achieve a baseline level to combat on-line crime, then i think we have already achieved more then any other brand out there.
As there is just no centralized standoff & investigation capability within the industry. Ask around on the forum here, what steps they have to take if their network @work is being penetrated and what authorities they have to alert.
Then you will see its a maze and with the explicit exceptions of governmental agencies there are only a few companies around the world that have ANY credibility when it comes to cyber forensic's.
So yeah there is a need and i intend to play my part to fullfill that need.

crap...i did it again didn't i? another freaking 200 pages novel... pff lmao
Cheers
 
Last edited:
  • Like
Reactions: WinXPert and Moose

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
Due to a Unexpected problem this release is being put on hold for further investigation.
In the final test it has been shown that this module did have unintended side effects, some commands where not correctly executed.
While the module does work and the end result is exactly as written, i have taken the decision to halt the release as i want the code to be smooth and clean.

Cheers
@BoraMurdar
@Umbra Polaris
@Jack

Alright guys, As requested: 7182-A (For Windows 7 (32/64bit) is now online.

FMA Update revision: 7.1.8.2 >> 7182-A
All known bugs fixed.
DOWNLOAD NOW

Note: There are some AV Vendors that will claim that my program contains:
Gen:Variant.Graftor.148857 which is just a FP

MD5: 45f25dcfb295bd26322b129cf024bd77
SHA1: b292545ef47121b61bc57817332bda696cbd7e96
SHA256: b54242fb2963eec8aab296dd38048c9b1cc07da773eca92894acbd372c707bb5
See screenshot

Side note: Is it me or are there a few AV vendors sharing signatures? Lol
I have already contacted several AV vendors and submitted my files to be removed from detection.
So it will probably take a few days for the "respected" brands to remove my software from their detection.
That being said: I guarantee beyond the reasonable doubt that my software is clean and NOT malicious.
However if you do not trust it then submit it yourself.

Kind Regards N.Nvt
 

Nico@FMA

Level 27
Thread author
Verified
May 11, 2013
1,687
I5xyCyy.png

Well thats one problem less to worry about, as i said my software is clean beyond the reasonable doubt.
Now we have to wait for the others...
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
@BoraMurdar
@Umbra Polaris
@Jack

Alright guys, As requested: 7182-A (For Windows 7 (32/64bit) is now online.

FMA Update revision: 7.1.8.2 >> 7182-A
All known bugs fixed.
DOWNLOAD NOW

Note: There are some AV Vendors that will claim that my program contains:
Gen:Variant.Graftor.148857 which is just a FP

MD5: 45f25dcfb295bd26322b129cf024bd77
SHA1: b292545ef47121b61bc57817332bda696cbd7e96
SHA256: b54242fb2963eec8aab296dd38048c9b1cc07da773eca92894acbd372c707bb5
See screenshot

Side note: Is it me or are there a few AV vendors sharing signatures? Lol
I have already contacted several AV vendors and submitted my files to be removed from detection.
So it will probably take a few days for the "respected" brands to remove my software from their detection.
That being said: I guarantee beyond the reasonable doubt that my software is clean and NOT malicious.
However if you do not trust it then submit it yourself.

Kind Regards N.Nvt

It's Bitdefender's fault...
 
Status
Not open for further replies.

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top