Memory forensics is hard and cumbersome. We believe this can be changed. The powerful Trufflepig software is comfortable to use, reliable and equipped with unique analysis features. It helps law enforcement agencies and DFIR teams realize the full potential of memory analysis.
Trufflepig Forensics reduces time and unnecessary steps in the memory analysis workflow. The framework supports analysis on all amd64 systems without the need to specify hardware profiles. Results are cross-correlated with different data sources (e.g. disk images), and advanced malware detection algorithms are applied. Support for the decryption of encrypted containers is provided.
Trufflepig Forensics uses pattern redundancy to increase the robustness of the results. The data-oriented C++ implementation significantly speeds up the analysis.
Trufflepig Forensics can be easily integrated into existing workflows. The results can be exported as JSON or similar formats and our API allows for customization.
Trufflepig provides law enforcement agencies with advanced capabilities to analyze digital evidence. The intuitive framework supports them, for example, in finding suspicious processes and network activity, as well as in decrypting encrypted objects.
Trufflepig helps DFIR teams increase their productivity and generate additional insights. With the framework, they can detect and reverse engineer malware and respond to hacker activity and user misconduct.