Why FILE-MD?

FILE-MD was designed for Windows-based systems to statically analyze files for signs of malicious crafting. FILE-MD was also designed to evaluate a single file, directory of files, a share of files, or repository of files for signs of malicious crafting faster than the standard methods many professionals use today.

FILE-MD replaces or augments several security and forensic tools, combining many features professionals rely on into one easy-to-use utility. FILE-MD was designed to speed up the investigation of a suspect system, to validate that it is good, and to speed up evaluating files to discover whether they are malware, in a lab environment or on a running system.

Malicious Discovery is a challenge for many, and the Mean Time to Detection (MTTD) from a compromise or, worse yet, a breach is still close to a year for most companies. FILE-MD is designed to be a cost-effective utility to help small, medium, large and enterprise businesses improve their Malicious Discovery with a tool that can be run manually or distributed across the environment.

A NEW TOOL TO HELP YOU WITH THE FIGHT AGAINST INFECTIONS... MALWARE INFECTIONS.

The File and Malicious Discovery tool (File-MD) is designed to help Information Security and IT Professionals discover the artifacts needed to understand whether a Windows system has a malware infection.

USE CASES:

There are multiple use cases for File-MD; here are some to consider:

  1. Malware Analysis Lab - Use File-MD to analyze files for signs of malicious crafting:

     • Shows if a file is “Good”

     • Shows if a file is “Suspicious”, needing a closer look

     • Shows if a file is “Malicious”, needing more analysis

     • Optional strings output to investigate readable strings

     • Optional detailed report of each file

  2. Investigate a suspect system - File-MD can be used to scan a user folder such as “C:\Users” up to 9 levels deep to look for mal-crafted files

  3. Incident Response - File-MD can be deployed to scan target files or folders as part of the response to a Security Incident

  4. File shares - Shares such as Home or Public directories can be scanned for signs of stored mal-crafted files