Microsoft launches Project Freta service to find malware in system memory snapshots

Microsoft recently announced a new anti-malware service called “Project Freta”. The official description is: “A free service developed by Microsoft Research to detect evidence of operating system and sensor damage, such as rootkits and advanced malware, in memory snapshots of live Linux systems.”

Project Freta is a cloud-based memory forensics tool created by the NExT Security Ventures (NSV) team at Microsoft Research. It works by capturing memory images of operating systems running in virtual machines and uploading them to the cloud for analysis.

Currently, the project supports four memory image formats: Hyper-V memory snapshots (.vmrs files), LiME images (.lime files), ELF core dumps of physical memory (.core files) and raw physical memory dumps (.raw files). Because no configuration is required, Project Freta lets users hunt for unknown malware in volatile memory at the press of a button.

The project’s analysis results cover processes, global values and addresses, in-memory files, debugged processes, kernel components, network interfaces, ARP tables, open files, open sockets, and Unix sockets.

Just as a film camera of the past and today’s smartphone may have a similar number of megapixels while differing enormously in usability, Project Freta aims to make evidence collection automated and accessible to everyone: every user and every enterprise should be able to sweep the volatile memory of a virtual machine for unknown malware at the press of a button, without additional setup.