Web Historian: Reloaded

Written by Aaron LeMasters

We’ve been busy here on team agent at MANDIANT.  In the spirit of our long-standing support of free software in the Incident Response community, we are happy to announce the release of Web Historian 2.0.  This release is a complete rewrite and revamp of our very popular web history extraction tool.  This version of Web Historian comes packed with features and supports Firefox 2/3+, Chrome 3+, and Internet Explorer versions 5 through 8.  Here is a quick run-down of some of the new features:

• Collects web history, cookie history, file download history, and form history into data sets
• Simple/powerful UI based on tabbed organization of datasets
• Perform a live artifact scan of the local system
• Perform an artifact scan of one or more arbitrary history files from all supported browsers
• Import results from existing XML scan documents
• Data displayed in gridview style with full search, sort, and filter capabilities
• Custom filters can be created and applied to one or more data sets
• Export data sets to XML, HTML or CSV
• Extract and export history files used in live artifact scan
• Quick copy/paste selected gridview rows to clipboard
• Customizable scan settings can tweak the scan to target specific browsers and data sets
• Right-click context menu for narrowing gridview data instantly
• Select which columns to display in each dataset
• View page thumbnails and indexed content
• Export sanitized version of history results to distribute to others
• Website Analyzer provides visualization of datasets using bar graphs, pie charts and timelines
• Website Profiler shows a quick “report card” of artifacts for various websites

The custom filters mentioned above are extremely useful for narrowing the scope of your web history investigation. Read the rest

Tags: blackhat, browser forensics, free tools, MIR 1.4, Web Historian

New Memoryze, Audit Viewer, and Training

Written by Jamie Butler

For those who are not on our mailing list for Memoryze or Audit Viewer, we released a new version a little over a week ago. The new version of the software includes all of the memory analysis features that are available in the newly released MANDIANT Intelligent Response (MIR) 1.4. Read the rest

Tags: Advanced Memory Forensics in Incident Response, Audit Viewer, Black Hat, memory forensics, Memoryze, MIR 1.4, Training

Channels

Recent Posts

• Education and Information Sharing Top Priority at 2012 DoD Cyber Crime Conference
• Executive Breakfast Briefing with Former DHS Secretary Michael Chertoff
• Vulnerability and Exploit Terminology Webinar
• Creating an IOC to Spot the Duqu Family
• Using Redline & OpenIOC to Build Effective Indicators

Follow us on Twitter

• Mandiant: RT @cbentle2: @OpenIOC Updated #IOC posted https://t.co/Y2PGTuqE #dfir
• Mandiant: M's Michael Sikorski wrote a book, "Practical Malware Analysis" & will be hosting a webinar to discuss it! 2/29 2PM ET http://t.co/fd7Bf8Vj
• Mandiant: @_saadk Thanks for the #FF!

MANDIANT News

• Gartner Security and Risk Management Summit 2012
• CEIC Conference 2012
• New York Executive Briefing: Combating Advanced Targeted Cyber Attacks
• RSA Conference 2012