
M-unition

The Ammunition You Need to Find Evil and Solve Crime

About Us

Welcome to M-unition, the MANDIANT blog. Here we share our insights about the tools we create and use to find evil and solve crime.

Live analysis and its footprint

Written by Jamie Butler

Recently there was a conversation on Harlan’s Windows Incident Response blog which mentioned the footprint of Memoryze and other tools. Every tool has positives and negatives depending on the use case.


First, the blog entry mainly mentions the footprint on disk, which is larger than other acquisition tools because Memoryze does both acquisition and analysis in the same package.

14 Jan 09 | The Lab

Integrate EnCase, Memoryze, and Audit Viewer with MemScript

Written by Kelcey Tietjen

Memoryze is a great tool for memory analysis, but what makes it even stronger is that it can be integrated with other tools to help with incident response. These other tools can be leveraged to bring Memoryze’s capabilities to remote hosts. If your organization has not deployed or piloted MANDIANT Intelligent Response (MIR), you can use EnCase Enterprise Edition (EEE) to gain access to remote memory.

18 Dec 08 | The Armory

Article on how to use Memoryze and Audit Viewer for malware analysis

Written by Peter Silberman

I know not everyone reads OpenRCE, but it has been a favorite haunt of mine since Pedram launched it. Over the holiday, I posted an article there about how to use Memoryze and Audit Viewer to do malware analysis since that has always been one of my hobbies.

01 Dec 08 | The Lab

New Audit Viewer for Memoryze

Written by Jamie Butler

If you are tired of trying to load Memoryze’s results into Internet Explorer or into an Excel spreadsheet, check out the new viewer from Peter Silberman. The Audit Viewer is written in Python and comes with the BSD license because you know best how you want to view your data.

25 Nov 08 | The Lab