Profiler Advanced

Cerbero Profiler is a tool designed primarily for malware and forensic analysis. It supports a huge number of file formats (listed mainly on the page of the Standard edition ) on which it performs analysis and lets the user inspect their internal layout. Profiler is often used to identify 0-day threats and personal information inside of files. However, given the scale of the project, it has many other uses and we encourage you to visit our blog in order to see Profiler in action.

Profiler Advanced includes all the features of the Standard edition, so make sure to check out the standard edition for the list of features. The Advanced edition comes with additional features and is especially designed for experts in the forensic and security field.

Some of the additional file types supported by Profiler Advanced are:


Product information

Cerbero Profiler represents a new approach to security and file analysis. It is not an antivirus nor does it behave like one, instead it creates a profile of a scanned file by identifying threats and privacy issues, and exposes this profile to the user along with warnings and other information. It is mainly intended for security and forensic analysis. However, it can be used also by medium and advanced users: an inexperienced user might not be able to evaluate the risk of JavaScript code, but a system administrator can. This makes the software accessible to companies outside of the security industry as well. On top of that, the product offers an easy risk evaluation so that even users with little experience can benefit from it.

The main intent of Profiler is the analysis of 0-day exploits and private information contained in files. The key point is the interaction with the user who can evaluate in detail any issue discovered by Profiler and perform further inspection on the file. Another important feature is the ability to analyze embedded or referenced files, since in many cases the security issue may not be in the originally scanned file, but in a file contained in or referenced from it (a simple case would be a JPEG disclosing geolocation information embedded into a PDF). The analysis of one or more files can be saved into projects which may also include a copy of the files themselves.

This is a list of some relevant features of Profiler. Please note that it is not possible to enumerate all features because of the complexity and on-going improvement of the product.

  • Supported file formats:
    • Email (EML)
      • Extraction of attachments
    • Torrent
    • Windows Raw Memory Images (WINMEM)
      • Support for all Windows editions
      • Inspection of files in memory
      • Inspection of SSDT, IDT, GDT
      • Suppport for VAD trees
      • User address spaces
      • System address space
      • System symbols of all supported Windows editions

This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (