APT Forensics M-unition Pack
Written by Kelcey Tietjen
I recently spoke at the DoD cybercrime conference on Advanced Persistent Threat (APT) forensics. During the presentation I talked about several ways you can use forensics to answer difficult questions that arise once an APT incident is identified. Some of these questions are:
- What was the initial vector?
- What did the attackers do exactly?
- Was any sensitive data exposed for exfiltrated?
- How do we successfully respond to the incident?
These questions can usually be answered easily if the response team has the right tools and methodology. This is where the APT M-unition pack will help. In this package are templates for forensic methodology, EnScripts to help with analysis, and the presentation given at DoD cybercrime. The forensic methodology template can be opened with NoteCase. NoteCase is available at the following link:
If anyone has questions on the use of the EnScripts or steps in the methodology feel free to contact me by email at kelcey.tietjen@mandiant.com. The APT M-unition pack can be acquired from below:
Kelcey
Tags: Advanced Persistent Threat, APT, DoD CyberCrime, Encase, forensics
. 13 Feb 09 | The Armory
Leave a Reply
You must be logged in to post a comment.
Channels
Recent Posts
- Education and Information Sharing Top Priority at 2012 DoD Cyber Crime Conference
- Executive Breakfast Briefing with Former DHS Secretary Michael Chertoff
- Vulnerability and Exploit Terminology Webinar
- Creating an IOC to Spot the Duqu Family
- Using Redline & OpenIOC to Build Effective Indicators
Follow us on Twitter
- Mandiant: RT @cbentle2: @OpenIOC Updated #IOC posted https://t.co/Y2PGTuqE #dfir
- Mandiant: M's Michael Sikorski wrote a book, "Practical Malware Analysis" & will be hosting a webinar to discuss it! 2/29 2PM ET http://t.co/fd7Bf8Vj
- Mandiant: @_saadk Thanks for the #FF!