copyright © 2012 Battelle Memorial Institute

what

  • a powerful, dynamic, interactive binary visualization tool

why

  • obfuscated file headers
  • no headers
  • multiple binaries embedded in a single blob
  • unique instruction sets
  • proprietary data formats
  • overwhelming complexity
  • steganography
  • memory dumps
  • rapid RE
  • triage
  • firmware
  • forensics
  • dust

introducing visual RE

  • sift through megabytes of data in seconds
  • rapidly conceptualize a file
  • identify based on patterns, not headers
  • break out embedded types
  • visualize data tampering
  • investigate structure, a priori
  • isolate areas of interest
  • make no assumptions about the underlying data type

even arbitrary data has a visual fingerprint