Cuckoo Sandbox is _open source_ software for automating the analysis of suspicious files. To do so it uses custom components that monitor the behavior of malicious processes while they run in an isolated environment.
Cuckoo generates a handful of different kinds of raw data, which include:
To make such results more consumable for end users, Cuckoo can process them and generate different types of reports, which could include:
Cuckoo Sandbox 0.6 (2012-04-15)
This release represents a major step forward for the quality of the project: you won’t find an endless list of new features this time, but a handful of solid improvements that should make your experience with sandboxing much more pleasant.
Along with a few smaller additions, the focus of 0.6 revolves around the introduction of network logging. Until now, the retrieval of the analysis results from the analysis machines happened through an inefficient and resource-expensive XMLRPC transaction. With Cuckoo Sandbox 0.6 we are now able to collect behavioral logs, dropped files, screenshots and memory dumps in real time from the analysis machines, through what has been called the _ResultServer_.
The advantages of this approach are multiple:
There are probably some more advantages, but it's already awesome as it is.
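As an added illustration (not code from Cuckoo or its author), the following Python sketch shows the push model the release describes: the agent inside the analysis machine streams behavioral log lines, dropped files and screenshots to a collector on the host as they are produced, instead of accumulating them for one bulk fetch at the end of the run. The record framing, the `ResultServer` class, `pack_record`, `safe_name` and the `storage/<task>/{logs,files,shots}` layout are assumptions made for this example; Cuckoo's actual wire protocol and storage layout are not described on this page. The guest messages in `demo()` are constructed sample data.

```python
import os
import shutil
import socket
import struct
import tempfile
import threading

# Hypothetical framing used only for this example (not Cuckoo's wire format):
# record = 1-byte type | 2-byte name length | name | 4-byte payload length | payload
REC_LOG, REC_FILE, REC_SHOT = 1, 2, 3
SUBDIR = {REC_LOG: "logs", REC_FILE: "files", REC_SHOT: "shots"}


def pack_record(kind, name, payload):
    """Guest side: frame one result record for the wire."""
    name_b = name.encode()
    return (struct.pack("!BH", kind, len(name_b)) + name_b
            + struct.pack("!I", len(payload)) + payload)


def recv_exact(sock, n):
    """Read exactly n bytes; None on clean EOF, error on a truncated record."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            if buf:
                raise ConnectionError("guest disconnected mid-record")
            return None
        buf += chunk
    return buf


def read_record(sock):
    """Host side: parse one record; None when the guest closed the stream."""
    header = recv_exact(sock, 3)
    if header is None:
        return None
    kind, name_len = struct.unpack("!BH", header)
    name = recv_exact(sock, name_len)
    size_b = recv_exact(sock, 4)
    if name is None or size_b is None:
        raise ConnectionError("truncated record header")
    (size,) = struct.unpack("!I", size_b)
    payload = recv_exact(sock, size)
    if payload is None:
        raise ConnectionError("truncated record payload")
    return kind, name.decode(errors="replace"), payload


def safe_name(name):
    """Guest-supplied names are untrusted: '..\\..\\x' must not escape the task dir."""
    base = os.path.basename(name.replace("\\", "/"))
    if base in ("", ".", ".."):
        raise ValueError("rejected file name from guest: %r" % name)
    return base


class ResultServer:
    """Host-side collector: writes each record under storage/<task>/ on arrival."""

    def __init__(self, storage, bind_host="127.0.0.1"):
        # In a real deployment bind only to the host-only interface the VMs use.
        self.storage = storage
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.bind((bind_host, 0))  # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.port = self.sock.getsockname()[1]

    def handle(self, conn, task_id):
        """Drain one guest connection; returns the paths written, in order."""
        written = []
        with conn:
            while True:
                rec = read_record(conn)
                if rec is None:
                    break
                kind, name, payload = rec
                if kind not in SUBDIR:
                    raise ValueError("unknown record type %d" % kind)
                out_dir = os.path.join(self.storage, str(task_id), SUBDIR[kind])
                os.makedirs(out_dir, exist_ok=True)
                path = os.path.join(out_dir, safe_name(name))
                # log records for one file are appended; blobs are written whole
                with open(path, "ab" if kind == REC_LOG else "wb") as fh:
                    fh.write(payload)
                if path not in written:
                    written.append(path)
        return written

    def serve_one(self, task_id):
        conn, _peer = self.sock.accept()
        return self.handle(conn, task_id)


def demo():
    """Constructed exchange: a fake guest streams four records to the host."""
    storage = tempfile.mkdtemp(prefix="resultserver-")
    server = ResultServer(storage)
    result = {}
    t = threading.Thread(target=lambda: result.update(paths=server.serve_one(1)))
    t.start()
    guest = socket.create_connection(("127.0.0.1", server.port))
    guest.sendall(pack_record(REC_LOG, "behavior.log", b"CreateFileW C:\\evil.exe\n"))
    guest.sendall(pack_record(REC_LOG, "behavior.log", b"WriteFile C:\\evil.exe\n"))
    guest.sendall(pack_record(REC_FILE, "..\\..\\evil.exe", b"MZ\x90\x00"))  # traversal attempt
    guest.sendall(pack_record(REC_SHOT, "shot_0001.png", b"\x89PNG"))
    guest.close()  # a clean close ends the stream
    t.join()
    server.sock.close()
    with open(os.path.join(storage, "1", "logs", "behavior.log"), "rb") as fh:
        log_lines = fh.read().count(b"\n")
    rel = ["/".join(os.path.relpath(p, storage).split(os.sep)) for p in result["paths"]]
    shutil.rmtree(storage)
    return {"paths": rel, "log_lines": log_lines}
```

Two points worth carrying over to any collector of this shape: bind it only to the host-only network the analysis machines use, since the sample running inside the guest can reach the same port the agent does; and treat every name the guest sends as attacker-controlled, which is why `safe_name` strips directory components before anything is written under the task directory.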