Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Mozilla Unveils Cross-Platform Memory Scanning Forensics Library

Mozilla has unveiled a new, cross platform memory inspection library that can be integrated into its Mozilla InvestiGator (MIG) endpoint security system.

Mozilla has unveiled a new, cross platform memory inspection library that can be integrated into its Mozilla InvestiGator (MIG) endpoint security system.

Dubbed “Masche” by its creators, the memory forensics library runs on Linux, Mac OS and Windows and provides basic primitives for scanning the memory of processes without disrupting the normal operations of a system.

First created in 2013 by Julien Vehent, a member of the Operations Security team at Mozilla, MIG can inspect the file system and network information of thousands of hosts in parallel, which helps increase visibility across the infrastructure, but until now, lacked the ability to look into the memory of running processes, a need that often arises during security investigations, Vehent explained in a blog post.

“Compared with frameworks like Volatility or Rekall, Masche does not provide the same level of advanced forensics features. Instead, it focuses on searching for regexes and byte strings in the processes of large pools of systems, and does so live and very fast,” Vehent said.

Masche was developed over the last 6 months by Marco Vanotti, Patricio Palladino, Nahuel Lascano and Agustin Martinez Suñé, all students from University of Buenos Aires, Argentina.

According to Vehent, Mozilla is now integrating Masche as a module for MIG with the goal to deploy it across its infrastructure.

 

Developed as a fully open source project and published under the Mozilla Public License, the source code of Masche can be found on github.

Advertisement. Scroll to continue reading.

Mozilla isn’t alone in looking for innovative ways to protect the thousands of servers across its infrastructure. In a move to bolster the security of its massive global server network, Facebook announced in August 2014 that it was acquiring Palo Alto, California-based cybersecurity startup PrivateCore. PrivateCore’s vCage software transparently secures data in use with full memory encryption for any application, any data, anywhere on standard x86 servers.  

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem