M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

DOD Cyber Crime: New Audit Viewer/Memoryze

Written by Peter Silberman

MANDIANT is going to be at DOD Cyber Crime this year. Jamie and I have both been heads down for many weeks now working on some pretty cool stuff. We are starting to come up for air and what that means for you is updates to Memoryze and Audit Viewer.

21 Jan 10 | The Whiteboard | Comments (0)

Flex your Memory Forensic skills at CEIC!!!

Written by Peter Silberman

MANDIANT will be at this year’s Computer Enterprise Investigation Conference (CEIC). I will be there as well, running a contest for incident responders. The contest is designed to test your ability to identify malware in memory. We have all heard of the Advanced Persistent Threat; we know the acronym APT. If you’re not familiar with APT or want to become more familiar, check out https://cc.readytalk.com/cc/schedule/display.do?udc=1s8rbdxuuzuf7.

11 May 09 | The Whiteboard | Comments (0)

MindSniffer, Updated Audit Viewer released

Written by Peter Silberman

I’m currently writing this blog post from my hotel room at Blackhat Federal. Jamie and I wrapped up our “Advanced Memory Forensics in Incident Response” class on Tuesday. It went very well and we are both looking forward to teaching it again in Las Vegas.

19 Feb 09 | The Armory | Comment (1)

Snort My Memory – Blackhat DC 09

Written by Peter Silberman

For those of you who have not checked the speaker lineup for Blackhat DC, I will be there giving a presentation entitled “Snort My Memory.” This talk will address some research that has been going on internally here at MANDIANT for the past couple of months.

09 Jan 09 | The Whiteboard | Comments (0)

Integrate EnCase, Memoryze, and Audit Viewer with MemScript

Written by Kelcey Tietjen

Memoryze is a great tool for memory analysis, but what makes it even stronger is that it can be integrated with other tools to help with incident response. These other tools can be leveraged to bring Memoryze’s capabilities to remote hosts. If your organization has not deployed or piloted MANDIANT Intelligent Response (MIR), you can use EnCase Enterprise Edition (EEE) to gain access to remote memory.

18 Dec 08 | The Armory | Comments (0)

Article on how to use Memoryze and Audit Viewer for malware analysis

Written by Peter Silberman

I know not everyone reads OpenRCE, but it has been a favorite haunt of mine since Pedram launched it. Over the holiday, I posted an article there about how to use Memoryze and Audit Viewer to do malware analysis since that has always been one of my hobbies.

01 Dec 08 | The Lab | Comments (0)