BlockWatch is a software application that analyzes memory to verify that everything it can find consists of known (good) memory blocks.
A good memory block is something that you want to run, like Microsoft Windows, Mozilla Firefox or Skype.
BlockWatch scans the folders and files you specify and converts them into a variable series of smaller blocks. BlockWatch can then find in memory the blocks that it knows came from your disk.
Running BlockWatch can ensure that your computer systems are running exactly what you think they are, free from rootkits, back-doors, trojans, bots (botnets) or anything else.
A simple way is to run one of our scripts, copytofile.py. This script will load your memory and extract all the code it can find to a temporary folder. You can inspect this folder to make sure it's finding what you expect.
BlockWatch has a fundamental capability to locate fragments (smaller blocks) inside of larger blocks. Besides the memory integrity functionality, it can be used to locate data. The data search is secure: if you have a set of "SECRET" classified documents and want to scan your cloud to see whether any of those documents are leaking to places they should not, you can use BlockWatch. As a bonus, BlockWatch does not need copies of your "SECRET" documents to conduct its search; it is able to search securely, without exposing what it is actually searching for.
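
The block matching and the copy-free search described above can be illustrated with a digest index. This is an added example, not BlockWatch's own code: the fixed 4096-byte block size, the use of SHA-256 and the names `block_digests`, `classify` and `demo` are assumptions, since the page does not state how BlockWatch derives or compares its blocks.

```python
import hashlib

BLOCK = 4096  # assumed block size (one x86 page); not taken from BlockWatch


def block_digests(data, block=BLOCK):
    """Digest every full block of a known file.

    Only the digests are kept, so whoever runs the search never needs
    the original bytes (the "search without copies" idea).
    """
    return {hashlib.sha256(data[i:i + block]).digest()
            for i in range(0, len(data) - block + 1, block)}


def classify(memory, known, block=BLOCK):
    """Return (known_offsets, unknown_offsets) for a block-aligned image.

    Simplification: a real loader changes code pages (relocations, import
    fix-ups), so a production tool has to normalise pages before hashing.
    """
    hits, misses = [], []
    for off in range(0, len(memory) - block + 1, block):
        digest = hashlib.sha256(memory[off:off + block]).digest()
        (hits if digest in known else misses).append(off)
    return hits, misses


def demo():
    # Constructed sample data: three "trusted" blocks standing in for a
    # file on disk, and a memory image holding two of them plus one block
    # that never came from disk.
    trusted = b"".join(bytes([n]) * BLOCK for n in (0x11, 0x22, 0x33))
    index = block_digests(trusted)            # digests only, no file content
    foreign = b"\xcc" * BLOCK                 # block with no on-disk origin
    memory = trusted[BLOCK:2 * BLOCK] + foreign + trusted[:BLOCK]
    return classify(memory, index)


if __name__ == "__main__":
    known_offsets, unknown_offsets = demo()
    print("known blocks at:  ", known_offsets)
    print("unknown blocks at:", unknown_offsets)
```

For integrity checking, the offsets of interest are the unknown ones; for a leak search, the same call is run over the target data with an index built from the sensitive documents, and the known offsets are the findings. Plain digests of short or predictable blocks can be guessed by trial hashing, so an index that must stay confidential is better built with a keyed hash such as HMAC.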