Drosera - D2 Live Forensics Pack

Drosera is the new pack of tools from DSquare Security. After spending a lot of our efforts on exploit and rootkit technologies, we decided to create a new kind of live forensics framework.

All our offensive knowledge is now also used to capture and digest hidden activities on your IT infrastructure. The first release provides about 40 modules for Windows-based rootkits, covering everything from hidden processes to the detection of advanced kernel modifications:

  • Standalone, requires no installation at all (made to be used from a USB key or from a network share). [See a sample video]
  • Basic checks for hidden processes, registry entries, connections and drivers. Built on top of the modules, they provide something really easy and fast to run.
  • Optional interactive shell
  • Most modules run on all versions of Windows (XP, 2003, Vista), both 32- and 64-bit
  • Kernel detection modules are limited to XP/2003 32-bit (we are working on 64-bit compatibility)
  • Generates HTML reports [See a sample report]
  • Live forensics (no reboot or memory dumps)
  • Does not modify anything on the system (no new files, no hooks, no registry entries, ...)
  • All modules are provided with documentation

Unlike public anti-rootkit software, our framework is actively maintained to keep pace with rootkit evolution. For customized modules, please contact us at info@d2sec.com.