Connect with us

Hi, what are you looking for?


Incident Response

Mozilla Unveils Cross-Platform Memory Scanning Forensics Library

Mozilla has unveiled a new, cross platform memory inspection library that can be integrated into its Mozilla InvestiGator (MIG) endpoint security system.

Mozilla has unveiled a new, cross platform memory inspection library that can be integrated into its Mozilla InvestiGator (MIG) endpoint security system.

Dubbed “Masche” by its creators, the memory forensics library runs on Linux, Mac OS and Windows and provides basic primitives for scanning the memory of processes without disrupting the normal operations of a system.

First created in 2013 by Julien Vehent, a member of the Operations Security team at Mozilla, MIG can inspect the file system and network information of thousands of hosts in parallel, which helps increase visibility across the infrastructure, but until now, lacked the ability to look into the memory of running processes, a need that often arises during security investigations, Vehent explained in a blog post.

“Compared with frameworks like Volatility or Rekall, Masche does not provide the same level of advanced forensics features. Instead, it focuses on searching for regexes and byte strings in the processes of large pools of systems, and does so live and very fast,” Vehent said.

Masche was developed over the last 6 months by Marco Vanotti, Patricio Palladino, Nahuel Lascano and Agustin Martinez Suñé, all students from University of Buenos Aires, Argentina.

According to Vehent, Mozilla is now integrating Masche as a module for MIG with the goal to deploy it across its infrastructure.


Advertisement. Scroll to continue reading.

Developed as a fully open source project and published under the Mozilla Public License, the source code of Masche can be found on github.

Mozilla isn’t alone in looking for innovative ways to protect the thousands of servers across its infrastructure. In a move to bolster the security of its massive global server network, Facebook announced in August 2014 that it was acquiring Palo Alto, California-based cybersecurity startup PrivateCore. PrivateCore’s vCage software transparently secures data in use with full memory encryption for any application, any data, anywhere on standard x86 servers.  

Written By

For more than 10 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is the Director of several leading security industry conferences around the world.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.