Microsoft Buys Forensics Company

Microsoft announced that it has acquired Komoku, maker of forensics analysis tools. Microsoft intends to integrate Komoku's technology its security offerings.

Komoku was founded in 2004 and developed a set of tools that aid researchers with incident response and forensic analysis. The company's Volatools Basic toolkit, first released at the Blackhat Federal conference in February 2007, is a Python-based platform that can extract information from volatile memory images on Windows XP systems. Volatools was retired in December 2007, however the original developers of Volatools went on to create Volitility Framework, which is an open source forensics toolkit.

Komoku's commercial Volatools Professional platform is a more advanced version of Volatools Basic while Komoku's Acquisition Suite is designed for system state acquisition on Windows 2000, Windows XP, and Windows 2003.

"Komoku has been a leader in the area of rootkit detection, doing work for ultra security-conscious customers such as the Department of Homeland Security (DHS) and the Department of Defense (DOD)," said Ryan Hamlin, general manager, Access and Security Division, Server and Tools Business at Microsoft.

Microsoft intends to integrate the technology as rootkit detection in its Forefront enterprise security products as well as Windows Live OneCare. Microsoft also said that most of Komoku's team will join its Access and Security Division, and the Komoku name will be retired. Financial terms of the acquisition were not made public.