Cerberus is now part of Forensic Toolkit (FTK)

Please visit the FTK page for more information.


Cerberus is the first-ever automated malware triage platform solution designed to integrate with Forensic Toolkit® (FTK®) to empower enterprises to proactively identify and remediate compromised systems.

The rise in malicious software is an increasing concern to organizations. When companies are hit by malware and viruses, they risk downtime, reputation damage and loss of money trying to recover. As part of an incident response plan, it is imperative for enterprises to have the tools necessary to identify and remediate compromised systems. Cerberus is available as an add-on to FTK to enable organizations to quickly scan binary files from a suspected compromised system. Cerberus and FTK work together to identify any possible malware and, if necessary, forward those binaries to an expert for further analysis.

Obtain Actionable Intelligence without the use of a Sandbox or Signature-Based Solutions

Typically, actionable intelligence about an incident is obtained only after time-consuming analysis is conducted by a specialized malware team. Cerberus’ disassembly and emulation process allows first and second responders to proactively identify and scan suspicious binaries so they can determine the behavior and intent of potential malware without reliance on a sandbox or signature-based solutions. This means less damage is done by malware and there is a decreased dependence on the malware team.

Cerberus’ two-stage protocol quickly tallies a “threat score”, approximating how dangerous a binary might be, followed by much more complex disassembly analysis that gives incident responders actionable intelligence in minutes without actually running the code. This first-pass analysis is of great value in that it not only enables incident responders to take decisive action more quickly, but it reveals behavior and intent without running the risk of triggering defense mechanisms commonly found in malware.


Cerberus’ unique approach to malware triage differs from any other product on the market because it DOES NOT rely on:

  • Dynamic Analysis that causes the binary to potentially recognize that it is being analyzed and perform a different action in order to intentionally fool the analyst.
  • Traditional Heuristics which are not based on the fundamental characteristics of malware and have high false positive / false negative rates.
  • Signature-based / Byte String Analysis which is unable to detect new malware or new variants and requires prior knowledge in the form of an action or byte string.

With Cerberus, you are not relying on whitelists or signatures. You are able to assess behavior and identify intent without the above methodologies.