Truman | Malware | Security Threat Analysis | Dell SecureWorks

Truman

Author(s)
Joe Stewart

License
GPL

Latest Version
0.1

Description
Truman can be used to build a "sandnet": a tool for analyzing malware in an environment that is isolated from the real network yet provides a virtual Internet for the malware to interact with. It runs on native hardware, so it is not stymied by malware that detects VMware and other VMs. The major stumbling block to avoiding VMs is the difficulty of repeatedly re-imaging machines for re-use. Truman automates this process, leaving the researcher with only minimal work to do in order to get an initial analysis of a piece of malware.

Truman consists of a Linux boot image (originally based on Chas Tomlin's Windows Image Using Linux) and a collection of scripts. Also provided is pmodump, a Perl-based tool to reconstruct the virtual memory space of a process from a PhysicalMemory dump. With this tool it is possible to circumvent most packers to perform strings analysis on the dumped malware.
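The core idea behind pmodump, rebuilding a process's virtual address space from a physical-memory image, is illustrated by the added Python example below. It is not pmodump's code (pmodump is Perl) and it makes simplifying assumptions: 32-bit non-PAE x86 paging, and a known page-directory base (CR3) for the target process, which on a real dump would first have to be located from kernel structures. The physical image, the frame layout and the embedded strings are all constructed inline for the demonstration. It shows why strings run on the raw physical dump is not enough: a string that straddles a virtual page boundary is split across two physical frames that are not even adjacent, and only appears whole once the pages are put back in virtual order.

```python
import re
import struct

PAGE_SIZE = 0x1000
PRESENT = 0x1      # bit 0 of a PDE/PTE
PAGE_4MB = 0x80    # PS bit in a PDE: the entry maps a 4 MB page directly


def read_u32(mem, paddr):
    """Little-endian 32-bit read from the physical image."""
    return struct.unpack_from("<I", mem, paddr)[0]


def translate(mem, cr3, va):
    """Walk the 32-bit non-PAE x86 page tables rooted at cr3 for one virtual
    address. Returns the physical address, or None if the page is not present
    (paged out, unmapped, or never touched)."""
    pde = read_u32(mem, (cr3 & ~0xFFF) + ((va >> 22) & 0x3FF) * 4)
    if not pde & PRESENT:
        return None
    if pde & PAGE_4MB:
        return (pde & 0xFFC00000) | (va & 0x3FFFFF)
    pte = read_u32(mem, (pde & ~0xFFF) + ((va >> 12) & 0x3FF) * 4)
    if not pte & PRESENT:
        return None
    return (pte & ~0xFFF) | (va & 0xFFF)


def dump_region(mem, cr3, start, length):
    """Rebuild a contiguous, page-aligned virtual range page by page. Pages that
    are not present are zero-filled so offsets in the result match the
    process's own view of its address space."""
    if start % PAGE_SIZE:
        raise ValueError("start must be page aligned")
    out = bytearray()
    va, end = start, start + length
    while va < end:
        chunk = min(PAGE_SIZE, end - va)
        pa = translate(mem, cr3, va)
        if pa is None:
            out += b"\x00" * chunk
        else:
            out += mem[pa:pa + chunk]
        va += PAGE_SIZE
    return bytes(out)


def ascii_strings(buf, min_len=6):
    """Minimal 'strings': runs of printable ASCII at least min_len long."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, buf)]


SAMPLE_MARKER = "CONFIG_URL=http://c2.example.invalid/beacon"   # constructed value


def build_sample_dump():
    """Construct a tiny physical-memory image (not a real capture): a page
    directory at 0x1000, one page table at 0x2000, and a 4-page process image
    at virtual 0x00400000 whose pages sit in scattered, out-of-order frames."""
    mem = bytearray(16 * PAGE_SIZE)
    cr3, page_table, base = 0x1000, 0x2000, 0x00400000
    frames = [0x5000, 0x9000, 0x3000, 0x7000]   # physical frame of virtual page 0..3
    struct.pack_into("<I", mem, cr3 + ((base >> 22) & 0x3FF) * 4, page_table | 0x3)
    for i, frame in enumerate(frames):
        struct.pack_into("<I", mem, page_table + i * 4, frame | 0x3)
    # An ordinary string wholly inside virtual page 0.
    banner = b"This program cannot be run in DOS mode"
    mem[frames[0] + 0x40:frames[0] + 0x40 + len(banner)] = banner
    # A config string that straddles the virtual page 1 / page 2 boundary; its
    # halves live in frames 0x9000 and 0x3000, the wrong way round physically.
    marker = SAMPLE_MARKER.encode("ascii")
    head, tail = marker[:21], marker[21:]
    mem[frames[1] + PAGE_SIZE - len(head):frames[1] + PAGE_SIZE] = head
    mem[frames[2]:frames[2] + len(tail)] = tail
    return bytes(mem), cr3, base, len(frames) * PAGE_SIZE


def compare_strings():
    """Return (strings from the raw physical dump, strings from the
    reconstructed virtual region) for the constructed image."""
    mem, cr3, base, size = build_sample_dump()
    raw = ascii_strings(mem)
    rebuilt = ascii_strings(dump_region(mem, cr3, base, size))
    return raw, rebuilt


if __name__ == "__main__":
    raw, rebuilt = compare_strings()
    print("raw physical dump   :", raw)
    print("reconstructed region:", rebuilt)
```

The raw pass yields two fragments, "CONFIG_URL=http://c2." and "example.invalid/beacon", which a human might not connect; the reconstructed region yields the whole string. The same reordering is what lets strings analysis work on a packed sample: once the unpacked code has been written into the process's memory, the page walk recovers it in the layout the malware itself sees, regardless of where the frames landed physically.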

License Agreement

Agree and Download Truman
Agree and Download pmodump Only

Please note that SecureWorks cannot provide support for these tools, but feedback is appreciated.
