Wednesday, October 01, 2008

FileAdvisor: software file search engine

Troy Larson sent me a heads up on Bit9's FileAdvisor, a service they describe as "a comprehensive catalog of executables, drivers, and patches found in commercial Windows applications and software packages. Malware and other unauthorized software that affects Windows computers is also indexed."
I immediately checked the FileAdvisor db for malware results as well non-Windows binaries and was pleasantly surprised with immediate and comprehensive results. You do have to register, but I was further impressed with the fact that they offered the option for a short or full registration.
This appears to be worthy of a bookmark in your incident handler/malware researcher/forensic investigator toolkit.

del.icio.us | digg

2 comments:

Anonymous said...

(Disclosure: I have a close friend who's worked at Bit9 before they put out v1.0)

I, too, have found FileAdvisor to be a valuable resource. While the database might be updated with information that Bit9 collects and feeds it, I urge users to submit hashes for files they come across in their analyses. Though I'd love to see more non-commercial efforts in this area, I'm still glad to see someone else throw FileAdvisor out there :)

Rafal Los said...

I'm going to have to support this one too Russ, good find. There are honestly *not enough* of these sites/services around. The problem is finding one that isn't "influenced" by ... uhmm... vendors (good or bad) :)

Moving blog to HolisticInfoSec.io

toolsmith and HolisticInfoSec have moved. I've decided to consolidate all content on one platform, namely an R markdown blogdown sit...