
M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

Tearing up the Windows Registry with python-registry

Written by William Ballenthin

Recently, I wanted to dig deep into a forensic artifact resident in the Windows Registry. To make the task more interesting, I challenged myself to use only tools native to my favorite operating system: Linux. I was quickly disappointed, however, as there are few open and cross-platform tools for Windows Registry forensics beyond Perl’s Win32::Registry.


20 Jul 11 | The Lab | Comments (3)

SANS WhatWorks Summit in Forensics and Incident Response

Written by Jamie Butler

The SANS WhatWorks Summit is quickly approaching, and I am excited to attend for the first time this year. Peter Silberman and I will be presenting on memory forensics. There has been some recent public debate about the usefulness of memory forensics.


01 Jun 09 | The Whiteboard | Comments (0)

Mandiant Highlighter featured on CyberSpeak podcast

Written by Jed Mitten

Jason Luttgens and I were interviewed by Bret Padres and Ovie Carroll over at the CyberSpeak podcast regarding our log analysis tool, Highlighter. Take some time to listen — the interview begins at 18m 10s, though I recommend listening to the whole show because those guys are fun and their content relevant.


09 Mar 09 | The Armory | Comments (0)

APT Forensics M-unition Pack

Written by Kelcey Tietjen


I recently spoke at the DoD cybercrime conference on Advanced Persistent Threat (APT) forensics. During the presentation I talked about several ways you can use forensics to answer difficult questions that arise once an APT incident is identified. Some of these questions are:


13 Feb 09 | The Armory | Comments (0)

Mandiant Highlighter v1.0

Written by Jason Luttgens

I was poring over some Windows event logs about a year ago, looking for a security breach. We had good intel that a breach occurred on this system, just not exactly what or when. I was getting ridiculously frustrated by the number of non-relevant entries I had to mentally process and thought “there has to be a better way!”

So I searched the Internet and asked colleagues in search of an application that would allow me to quickly remove lines from a text file.


29 Jan 09 | The Armory | Comment (1)