
M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

Flex your Memory Forensic skills at CEIC!!!

Written by Peter Silberman

MANDIANT will be at this year’s Computer Enterprise Investigation Conference (CEIC). I will be there as well, running a contest for incident responders. The contest is designed to test your ability to identify malware in memory. We have all heard of the Advanced Persistent Threat; we know the acronym APT. If you’re not familiar with APT or want to become more familiar, check out https://cc.readytalk.com/cc/schedule/display.do?udc=1s8rbdxuuzuf7.


11 May 09 | The Whiteboard

APT Forensics M-unition Pack

Written by Kelcey Tietjen

I recently spoke at the DoD cybercrime conference on Advanced Persistent Threat (APT) forensics.  During the presentation I talked about several ways you can use forensics to answer difficult questions that arise once an APT incident is identified.  Some of these questions are:


13 Feb 09 | The Armory

Integrate EnCase, Memoryze, and Audit Viewer with MemScript

Written by Kelcey Tietjen

Memoryze is a great tool for memory analysis, but what makes it even stronger is that it can be integrated with other tools to help with incident response. These other tools can be leveraged to bring Memoryze’s capabilities to remote hosts. If your organization has not deployed or piloted MANDIANT Intelligent Response (MIR), you can use EnCase Enterprise Edition (EEE) to gain access to remote memory.


18 Dec 08 | The Armory