M-unition
Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

MindSniffer, Updated Audit Viewer released

Written by Peter Silberman

I’m currently writing this blog post from my hotel room at Blackhat Federal. Jamie and I wrapped up our “Advanced Memory Forensics in Incident Response” class on Tuesday. It went very well and we are both looking forward to teaching it again in Las Vegas. I just finished giving my talk “Snort my Memory.” I detailed the talk in a previous blog post; that post now includes links to the available software. MindSniffer is available here. If you have any questions, comments, or suggestions, please feel free to contact me at peter.silberman@mandiant.com.

Following the release of MindSniffer, I am thrilled to announce a NEW version of Audit Viewer. This version includes the following features:

  • Processes are marked in red if they have injected DLLs
  • View imports/exports of PE files in memory. This can be done by right-clicking on memory sections
  • Signature Manager built into Audit Viewer to support the .py files generated by MindSniffer
  • Added section and semaphore handle types
  • Memoryze Launcher – this is a GUI wrapping Memoryze that lets you configure Memoryze entirely from a user interface. No more batch scripts or XML files. To use Memoryze Launcher, click “Launch Memoryze.” You can configure multiple jobs at once; they will all run, and the results are then auto-loaded into Audit Viewer for easier integration. This is a huge feature and I’m very excited to get feedback on it.
  • Numerous bug fixes
  • Updated documentation

Grab the new Audit Viewer at its new location: Audit Viewer.
Please feel free to e-mail comments, suggestions, ideas, and anything else you think I should know regarding Audit Viewer.
Enjoy,
Peter

19 Feb 09 | General


Reader's Comments

  1. Security Ripcord » Blog Archive » Did Mandiant’s Audit Viewer find something in Conficker?

    [...] when I thought I had figured out how to use the XML files I got a pleasant little surprise on the Mandiant blog.  Audit Viewer has been updated to run Memoryze automatically.  Now we have a quick and easy [...]
