Suite Advanced

Cerbero Suite is collection of tools designed primarily for malware and forensic analysis. It supports an extensive number of file formats (listed mainly on the page of the Standard edition ) on which it performs analysis and lets the user inspect their internal layout. Cerbero Suite is often used to identify 0-day threats and personal information inside of files. However, given the scale of the project, it has many other uses and we encourage you to visit our blog in order to see Cerbero Suite in action.

Cerbero Suite Advanced includes all the features of the Standard edition, so make sure to check out the standard edition for the list of features. The Advanced edition comes with additional features and is especially designed for experts in the forensic and security field. Among various additional file formats, it features the Carbon Interactive Disassembler.

Some of the additional file types supported by Cerbero Suite Advanced are:

WINDOWS RAW MEMORY IMAGES, WINDOWS DMP FILES, WINDOWS HIBERNATION FILES, EML, TORRENT

Product information

Cerbero Suite represents a new approach to security and file analysis. It is not an antivirus nor does it behave like one, instead it creates a profile of a scanned file by identifying threats and privacy issues, and exposes this profile to the user along with warnings and other information. It is mainly intended for security and forensic analysis. However, it can be used also by medium and advanced users: an inexperienced user might not be able to evaluate the risk of JavaScript code, but a system administrator can. This makes the software accessible to companies outside of the security industry as well. On top of that, the product offers an easy risk evaluation so that even users with little experience can benefit from it.

The main intent of Cerbero Suite is the analysis of 0-day exploits and private information contained in files. The key point is the interaction with the user who can evaluate in detail any issue discovered by Cerbero Suite and perform further inspection on the file. Another important feature is the ability to analyze embedded or referenced files, since in many cases the security issue may not be in the originally scanned file, but in a file contained in or referenced from it (a simple case would be a JPEG disclosing geolocation information embedded into a PDF). The analysis of one or more files can be saved into projects which may also include a copy of the files themselves.

This is a list of some relevant features of Cerbero Suite. Please note that it is not possible to enumerate all features because of the complexity and on-going improvement of the product.


  • Carbon Interactive Disassembler
  • Supported file formats:
    • Email (EML)
      • Extraction of attachments
    • Torrent
    • Windows Dmp files (WINDMP)
      • Inspection of internal structures
      • Full inspection of memory when available
    • Windows Hibernation files
      • Inspection of internal structures
      • Full inspection of memory
    • Windows Raw Memory Images (WINMEM)
      • Support for all Windows editions
      • Inspection of files in memory
      • Inspection of SSDT, IDT, GDT
      • Suppport for VAD trees
      • User address spaces
      • System address space
      • System symbols of all supported Windows editions

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)