Security Projects


RadioGraPhy

RadioGraPhy is a forensic tool which grabs as much information as possible from a Windows system.

It checks:

  • Registry keys related to startup process
  • Registry keys with Internet Explorer settings
  • System Accounts and properties
  • Startup files
  • System services
  • Hosts file contents
  • Task Scheduler tasks
  • Loaded system drivers
  • NetBIOS shares
  • Hidden Windows
  • System processes running (and their location if possible)
  • Network information (Open connections, listening ports ...) 

It also has some unique features:

  • When it identifies a process (running, or configured in registry keys, startup directories or the Task Scheduler), it checks the hash of that process against Team Cymru's Malware Hash Registry service to identify potential threats
  • It runs a process integrity test using 'WinUnhide' to catch hidden processes
  • It dumps a copy of the Event Log and grabs a copy of the process binaries for later review
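
The hash check in the first feature above, sketched as an added example (this is not RadioGraPhy's code, and the page does not say how the tool queries the service). It assumes the Malware Hash Registry whois interface at hash.cymru.com port 43 with reply lines of the form "hash, unix time, detection percent or NO_DATA"; all function names are hypothetical and the reply lines are constructed.

```python
import hashlib
import socket
from datetime import datetime, timezone

def file_sha1(path, chunk=1 << 20):
    """Hash a binary in chunks so large executables are not loaded whole."""
    digest = hashlib.sha1()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()

def parse_mhr_line(line):
    """Parse one '<hash> <unix time> <detection % | NO_DATA>' reply line."""
    parts = line.split()
    if len(parts) != 3 or not parts[1].isdigit():
        raise ValueError(f"unexpected MHR reply: {line!r}")
    file_hash, epoch, rate = parts
    known = rate != "NO_DATA"
    return {
        "hash": file_hash.lower(),
        "known": known,
        "detection_pct": int(rate) if known else None,
        "last_seen": datetime.fromtimestamp(int(epoch), timezone.utc) if known else None,
    }

def parse_reply(lines):
    """Parse a whole reply, skipping blank lines and '#' comment lines."""
    return [parse_mhr_line(l) for l in lines if l.strip() and not l.startswith("#")]

def triage(results, threshold=1):
    """Return known hashes at or above the detection threshold, worst first."""
    hits = [r for r in results if r["known"] and r["detection_pct"] >= threshold]
    return sorted(hits, key=lambda r: r["detection_pct"], reverse=True)

def query_mhr(hashes, timeout=10):
    """Bulk lookup over whois; needs network access, so the sample below skips it."""
    request = "begin\n" + "\n".join(hashes) + "\nend\n"
    # Assumed endpoint and bulk 'begin/end' framing of the MHR whois interface.
    with socket.create_connection(("hash.cymru.com", 43), timeout=timeout) as sock:
        sock.sendall(request.encode("ascii"))
        data = b"".join(iter(lambda: sock.recv(4096), b""))
    return parse_reply(data.decode("ascii", "replace").splitlines())

SAMPLE_REPLY = [  # constructed lines for illustration, not real lookups
    "# constructed sample reply",
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa 1221154281 53",
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb 1231802137 NO_DATA",
    "cccccccccccccccccccccccccccccccccccccccc 1277221946 79",
]
```

A NO_DATA reply only means the registry has no record of the hash, so binaries that come back unknown still belong in the set collected for later review.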

RadioGraPhy is open source (GPL license) and comes with a CLI version and a graphical frontend (please have a look at the Screenshots section).