Microsoft recently announced a new free memory forensics service called Project Freta. It is officially described as follows: “Microsoft Research developed a free service to detect evidence of operating system and sensor damage, such as rootkits and advanced malware, in memory snapshots of live Linux systems.”
Project Freta is a cloud-based memory forensics tool created by Microsoft Research’s NExT Security Ventures (NSV) team. It works on memory snapshots captured from a running virtual machine, which are uploaded to the cloud for analysis.
Currently, the project accepts four memory image formats: Hyper-V memory snapshots (.vmrs), LiME images (.lime), ELF core dumps of physical memory (.core), and raw physical memory dumps (.raw). Because no setup is required on the analyzed system, Project Freta lets users sweep volatile memory for unknown malware with the push of a button; the service detects and reports, it does not remove anything from the running system.
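Before uploading an image it is worth checking that the file really is the format its extension claims and that it is not truncated. The following Python is an added example, not code from Project Freta or Microsoft: it recognises LiME dumps by walking their chain of 32-byte range headers (magic, version, start address, inclusive end address, reserved bytes, as written by the LiME kernel module), recognises ELF core dumps by their ET_CORE type and PT_LOAD program headers, treats a headerless file as a raw dump, and matches the Hyper-V .vmrs case by extension only because that format is not parsed here. The sample images are constructed inside the block.

```python
"""Identify a Linux memory image (LiME, ELF core, raw) and list its physical ranges.

Added example; not part of Project Freta. The raw case assumes the dump starts
at physical address 0, which the format itself does not record.
"""
import struct

LIME_MAGIC = 0x4C694D45   # LiME header magic ("EMiL" when read as little-endian bytes)
LIME_HEADER_LEN = 32      # magic(4) version(4) s_addr(8) e_addr(8) reserved(8)
ET_CORE = 4               # ELF e_type for a core file
PT_LOAD = 1               # ELF program header type for loadable segments


def parse_lime(data: bytes):
    """Walk the LiME range headers; return [(start, end)] or None if not LiME/truncated.

    Each header is followed by exactly (end - start + 1) bytes of memory, so the
    next header begins right after that payload. A dump that ends early is rejected.
    """
    ranges, off = [], 0
    while off + LIME_HEADER_LEN <= len(data):
        magic, version, start, end = struct.unpack_from("<IIQQ", data, off)
        if magic != LIME_MAGIC or version != 1 or end < start:
            return None
        off += LIME_HEADER_LEN + (end - start + 1)
        if off > len(data):
            return None          # header promises more bytes than the file contains
        ranges.append((start, end))
    return ranges if ranges and off == len(data) else None


def parse_elf_core(data: bytes):
    """Return [(paddr, paddr + memsz - 1)] for PT_LOAD segments of a 64-bit ELF core, else None."""
    if len(data) < 64 or data[:4] != b"\x7fELF" or data[4] != 2:   # EI_CLASS 2 == ELFCLASS64
        return None
    endian = "<" if data[5] == 1 else ">"                          # EI_DATA: 1 == little-endian
    if struct.unpack_from(endian + "H", data, 16)[0] != ET_CORE:  # e_type
        return None
    e_phoff = struct.unpack_from(endian + "Q", data, 32)[0]
    e_phentsize, e_phnum = struct.unpack_from(endian + "HH", data, 54)
    ranges = []
    for i in range(e_phnum):
        ph = e_phoff + i * e_phentsize
        if ph + 56 > len(data):                                   # Elf64_Phdr is 56 bytes
            return None
        p_type = struct.unpack_from(endian + "I", data, ph)[0]
        p_paddr, _p_filesz, p_memsz = struct.unpack_from(endian + "QQQ", data, ph + 24)
        if p_type == PT_LOAD:
            ranges.append((p_paddr, p_paddr + p_memsz - 1))
    return ranges


def identify(data: bytes, filename: str = ""):
    """Return (format_name, physical_ranges). Structured formats win over the extension."""
    lime = parse_lime(data)
    if lime is not None:
        return "lime", lime
    elf = parse_elf_core(data)
    if elf is not None:
        return "elf-core", elf
    if filename.lower().endswith(".vmrs"):
        return "hyperv-vmrs", []          # Hyper-V saved state: matched by extension only here
    return "raw", ([(0, len(data) - 1)] if data else [])


# --- constructed sample images (synthetic, zero-filled memory) -------------------------

def build_lime(ranges):
    """Build a LiME image from (start, inclusive_end) pairs."""
    out = b""
    for start, end in ranges:
        out += struct.pack("<IIQQ8x", LIME_MAGIC, 1, start, end) + bytes(end - start + 1)
    return out


def build_elf_core(segments):
    """Build a minimal little-endian ELF64 core from (paddr, size) pairs."""
    phnum, phoff = len(segments), 64
    data_off = phoff + 56 * phnum
    hdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)
    hdr += struct.pack("<HHIQQQIHHHHHH", ET_CORE, 62, 1, 0, phoff, 0, 0, 64, 56, phnum, 64, 0, 0)
    phdrs, body = b"", b""
    for paddr, size in segments:
        phdrs += struct.pack("<IIQQQQQQ", PT_LOAD, 6, data_off + len(body), 0, paddr, size, size, 4096)
        body += bytes(size)
    return hdr + phdrs + body


if __name__ == "__main__":
    for name, blob in [("mem.lime", build_lime([(0x1000, 0x1FFF), (0x100000, 0x1000FF)])),
                       ("mem.core", build_elf_core([(0x0, 0x1000), (0x100000, 0x200)])),
                       ("mem.raw", bytes(4096))]:
        fmt, ranges = identify(blob, name)
        print(f"{name}: {fmt}, {len(ranges)} range(s): {[(hex(s), hex(e)) for s, e in ranges]}")
```

The LiME walker rejects a dump cut off mid-range, which is the failure mode most likely to yield an empty or misleading report after a slow capture over the network.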
The analysis report covers processes, global variables and addresses, in-memory files, debugged processes, kernel modules, network interfaces, ARP tables, open files, open sockets, and Unix sockets.
In the announcement post, its author wrote:
Just as film-era cameras may have megapixel counts comparable to today’s smartphones, yet their usage and availability are hugely different, Project Freta intends to automate and democratize virtual machine forensics so that every user and every business can sweep volatile memory for unknown malware at the push of a button, without the need for additional setup.