DOD Cyber Crime: New Audit Viewer/Memoryze
Written by Peter Silberman
MANDIANT is going to be at DOD Cyber Crime this year. Jamie and I have both been heads down for many weeks now working on some pretty cool stuff. We are starting to come up for air and what that means for you is updates to Memoryze and Audit Viewer. Read the rest
Tags: APT, Audit Viewer, DC3, DOD Cyber Crime, malware, Malware Rating Index, MANDIANT, Memoryze, MRI
. 21 Jan 10 | The Whiteboard | Comments (0)
Flex your Memory Forensic skills at CEIC!!!
Written by Peter Silberman
MANDIANT will be at this year’s Computer Enterprise Investigation Conference (CEIC). I will be there as well running a contest for incident responders. The contest is designed to test your ability to identify malware in memory. We have all heard of the Advanced Persistent Threat, we know the acronym APT. If you’re not familiar with APT or want to become more familiar check out https://cc.readytalk.com/cc/schedule/display.do?udc=1s8rbdxuuzuf7. Read the rest
Tags: APT, Audit Viewer, Encase, malware analysis
. 11 May 09 | The Whiteboard | Comments (0)
MindSniffer, Updated Audit Viewer released
Written by Peter Silberman
I’m currently writing this blog post from my hotel room at Blackhat Federal. Jamie and I wrapped up our “Advanced Memory Forensics in Incident Response” class on Tuesday. It went very well and we are both looking forward to teaching it again in Las Vegas. Read the rest
Tags: Audit Viewer, blackhat, Memoryze, mindsniffer, peter silberman, Snort My Memory
. 19 Feb 09 | The Armory | Comment (1)
Snort My Memory – Blackhat DC 09
Written by Peter Silberman
For those of you who have not checked the speaker lineup for Blackhat DC, I will be there giving a presentation entitled “Snort My Memory.” This talk will address some research that has been going on internally here at MANDIANT for the past couple of months. Read the rest
Tags: Audit Viewer, blackhat, blackhat dc, memory, mindsniffer, snort
. 09 Jan 09 | The Whiteboard | Comments (0)
Integrate EnCase, Memoryze, and Audit Viewer with MemScript
Written by Kelcey Tietjen
Memoryze is a great tool for memory analysis, but what makes it even stronger is that it can be integrated with other tools to help with incident response. These other tools can be leveraged to bring Memoryze’s capabilities to remote hosts. If your organization has not deployed or piloted MANDIANT Intelligent Response (MIR), you can use Encase Enterprise Edition (EEE) to gain access to remote memory. Read the rest
Tags: Audit Viewer, Encase, Encase Enterprise, Enscript, Guidance Software, Memoryze
. 18 Dec 08 | The Armory | Comments (0)
Article on how to use Memoryze and Audit Viewer for malware analysis
Written by Peter Silberman
I know not everyone reads OpenRCE, but it has been a favorite haunt of mine since Pedram launched it. Over the holiday, I posted an article there about how to use Memoryze and Audit Viewer to do malware analysis since that has always been one of my hobbies. Read the rest
Tags: Audit Viewer, malware analysis, Memoryze, offensive computing, openrce
. 01 Dec 08 | The Lab | Comments (0)
Channels
Recent Posts
- DoD Cyber Crime Conference Presentation: Recipes for Remediation
- Education and Information Sharing Top Priority at 2012 DoD Cyber Crime Conference
- Executive Breakfast Briefing with Former DHS Secretary Michael Chertoff
- Vulnerability and Exploit Terminology Webinar
- Creating an IOC to Spot the Duqu Family
Follow us on Twitter
- Mandiant: M's Michael Sikorski wrote a book, "Practical Malware Analysis" & will be hosting a webinar to discuss it! 2/29 2PM ET http://t.co/fd7Bf8Vj
- Mandiant: RT @bkchristopher: The BKChristopher Daily is out! http://t.co/G12zUzeS ▸ Top stories today via @mandiant
- Mandiant: M's looking for a Manager, MCIRT SOC in Redwood City, CA. Interested or know someone? http://t.co/TyxHEgfy #infosec #dfir #jobs