Mozilla Introduces Masche: Open-Source Memory Scanning Technology

Mozilla has just released an open-source memory scanning technology for security lovers. Mozilla InvestiGator (MIG), a cross-platform endpoint security system, was developed at Mozilla for its own internal use, to operate and check its thousands of servers.

Julien Vehent writes on the Mozilla Security Blog:

MIG can inspect the file system and network information of thousands of hosts in parallel, which greatly helps increase visibility across the infrastructure. But until recently, it lacked the ability to look into the memory of running processes, a need that often arises during security investigations.

Masche provides basic primitives for scanning the memory of processes without disrupting the normal operations of a system. Compared with frameworks like Volatility or Rekall, Masche does not provide the same level of advanced forensics features. Instead, it focuses on searching for regexes and byte strings in the processes of large pools of systems, and does so live and very fast.

The source code of Masche is completely open source under the Mozilla Public License, version 2.0, and can be found on GitHub at https://github.com/mozilla/masche.