Manage Unknown Code and Malware Attacks
with IOActive BlockWatch™ and IOActive The Memory Cruncher™

Gain new confidence in detecting targeted, advanced, and unknown threats

Hackers may be on your computer right now. Attacks launched using backdoors and rootkits can go undetected for years. Download these free IOActive tools to mitigate the complexity of manually identifying backdoors, rootkits, malware, and bootkits on your system.

The Memory Cruncher is a free SaaS application that gives you instant access to BlockWatch, the largest hosted secure hash whitelist, containing hundreds-of-millions of patches. The Memory Cruncher provides software assurance and high integrity verification for volatile memory in Microsoft Windows-based systems. It can attest to the integrity of Windows systems with unmatched accuracy and assurance. It interprets physical memory snapshots, normalizes inputs, and ensures completeness. Easily generate reports or interactively browse to find out what is really running on your computer. Read more.



The BlockWatch Help Manual is located in the upper right corner of the user interface and can be viewed online (XPS) or downloaded (PDF).

Reference Materials

Example reports from NIST-hosted memory images
Note: Boomer 2k3 raw dump must be converted to DMP format.

Windows 8.1 Pro is available here.

Managed ProcDetect code and binary detects hidden Windows-64 processes from a physical memory snapshot/dump. This also occurs during The Memory Cruncher scans.

Contact us for more information on how IOActive can secure your business.


Simply enter your email address below, and a message containing your login and password will be sent.

Clicking "I Agree" means that you agree to the terms and conditions of the End User License Agreement.