zynamics VxClass and memory analysis

Written by Jamie Butler

 
First, let me start by saying thanks to our users for the more than 10,000 unique downloads of Memoryze and Audit Viewer in 2010. Peter and I have been working with a lot of different people over the past couple of months to bring you this new release. Read the rest

Tags: Audit Viewer, CanSecWest, malware classification, Memory analysis, Memoryze, Training, zynamics VxClass

Memory forensics on Windows 7 (x86 and x64) and Windows 2008 x64

Written by Jamie Butler

Next month Memoryze will be two years old and a lot has changed over that time. There has been a lot of interesting research in the field of memory forensics, and responders are finding value in the analysis.
 
Platform Support
From a tool perspective, other than the addition of a GUI called Audit Viewer and the added usability that the Malware Rating Index (MRI) provides, the most noticeable change is the expanding platform support. Read the rest

Tags: DKOM attacks, Memory analysis, memory forensics, Memoryze, rootkits, Windows 2008, Windows 7

New Memoryze, Audit Viewer, and Training

Written by Jamie Butler

For those who are not on our mailing list for Memoryze or Audit Viewer, we released a new version a little over a week ago. The new version of the software includes all of the memory analysis features that are available in the newly released MANDIANT Intelligent Response (MIR) 1.4. Read the rest

Tags: Advanced Memory Forensics in Incident Response, Audit Viewer, Black Hat, memory forensics, Memoryze, MIR 1.4, Training

Honeynet Project: Challenge 3 of the Forensic Challenge 2010

Written by Helena Brito

The Honeynet Project has posted a forensic challenge centered around analyzing a memory image. The image represents the physical memory acquired from a host at a fictitious bank, which was the victim of an intruder. The Honeynet Project has come up with a series of questions that you must answer in order to solve the case. Read the rest

Tags: Audit Viewer, Forensic Challenge, Honeynet Project, Memory analysis, Memoryze, prizes

Memory Analysis on Windows 2003 64-bit and What’s Next

Written by Jamie Butler

Peter and I have been busy planning for CanSecWest in a week. The course, Advanced Memory Forensics in Incident Response, is constantly evolving. It has been about a year and a half since Memoryze was released, and just over a year for Audit Viewer.

Read the rest

Tags: Audit Viewer, Black Hat USA, CanSecWest, Malware Rating Index, Memory analysis, memory forensics, Memoryze, MRI

Malware Behaving Badly: Preview

Written by Peter Silberman

Hope everyone on the northern east coast is staying warm during snowpaclypse. Since I can’t go anywhere I figured now is the right time to write about an upcoming webinar I am giving with Michael Graven.

The webinar entitled Malware Behaving Badly is on Thursday, February 18, at 2:00 p.m. Read the rest

Tags: APT, Audit Viewer, CanSecWest, Fresh Prints Malware Behaving Badly, Malware Behaving Badly, Malware Rating Index, Memoryze, MRI, webinar

Channels

Recent Posts

• Education and Information Sharing Top Priority at 2012 DoD Cyber Crime Conference
• Executive Breakfast Briefing with Former DHS Secretary Michael Chertoff
• Vulnerability and Exploit Terminology Webinar
• Creating an IOC to Spot the Duqu Family
• Using Redline & OpenIOC to Build Effective Indicators

Follow us on Twitter

• Mandiant: RT @cbentle2: @OpenIOC Updated #IOC posted https://t.co/Y2PGTuqE #dfir
• Mandiant: M's Michael Sikorski wrote a book, "Practical Malware Analysis" & will be hosting a webinar to discuss it! 2/29 2PM ET http://t.co/fd7Bf8Vj
• Mandiant: @_saadk Thanks for the #FF!

MANDIANT News

• Gartner Security and Risk Management Summit 2012
• CEIC Conference 2012
• New York Executive Briefing: Combating Advanced Targeted Cyber Attacks
• RSA Conference 2012