Our Mis­sion

Mem­ory foren­sics is hard and cum­ber­some. We be­lieve this can be changed. The pow­er­ful Truf­flepig soft­ware is com­fort­able to use, re­li­able and equipped with unique analy­sis fea­tures. It helps law en­force­ment agen­cies and DFIR teams re­al­ize the full po­ten­tial of mem­ory analy­sis.

Our Prod­uct Vi­sion

Au­toma­tion & Com­fort of Use

Truf­flepig Foren­sics re­duces time and un­nec­es­sary steps in the mem­ory analy­sis work­flow. The frame­work sup­ports analy­sis on all amd64 sys­tems with­out the need of spec­i­fy­ing hard­ware pro­files. Re­sults are cross-cor­re­lated with dif­fer­ent data sources (e.g. disk im­ages) and ad­vanced mal­ware de­tec­tion al­go­rithms are ap­plied. Sup­port for the de­cryp­tion of en­crypted con­tain­ers is pro­vided.

Per­for­mance & Ro­bust­ness

Truf­flepig Foren­sics uses pat­tern re­dun­dancy to in­crease the ro­bust­ness of the re­sults. The data-ori­ented C++ im­ple­men­ta­tion sig­nif­i­cantly speeds up the analy­sis.

In­te­gra­bil­ity & Ex­pand­abil­ity

Truf­flepig Foren­sics can be eas­ily in­te­grated into ex­ist­ing work­flows. The re­sults can be ex­ported as JSON or sim­i­lar for­mats and our API al­lows for cus­tomiza­tion.

Use Cases

Law En­force­ment

Truf­flepig pro­vides law en­force­ment agen­cies with ad­vanced ca­pa­bil­i­ties to an­a­lyze dig­i­tal ev­i­dence. The in­tu­itive frame­work sup­ports them for ex­am­ple in find­ing sus­pi­cious processes and net­work ac­tiv­ity as well as in de­crypt­ing en­crypted ob­jects.

In­ci­dent Re­sponse

Truf­flepig helps DFIR Teams in­crease their pro­duc­tiv­ity and gen­er­ate ad­di­tional in­sights. With the frame­work they can de­tect and re­verse en­gi­neer mal­ware, re­spond to hacker ac­tiv­ity and user mis­con­duct.

Our Team

Aaron Har­tel

Busi­ness-Guy

Chris­t­ian Müller

Hacker / Coder / Nerd

Oliver Siew­ers

Hacker / Coder / Nerd

Our Part­ners