MANDIANT AT CEIC 2010

Written by Brian Gwinner

Got the time?

As part of the Digital Analysis Lab track at CEIC, MANDIANT Director Rob Lee will be teaching Super Timeline Analysis. You will learn how to establish a single framework from which you can analyze multiple examinations of time based data in this hands-on practical.

Move over Iron Man – MIR 1.4 is coming!

We wanted to let the dust settle from the other release of superior red metal before we announced ours!

MANDIANT is releasing the next version of MANDIANT Intelligent Response at CEIC 2010.

Here are just some of the features MIR 1.4 includes:

• Support for the OpenIOC open indicator format – a free-to-use, open XML schema for describing indicators of compromise.
• Agent support for Windows 7, 64-bit systems for non-memory forensic audits.
• Agent support for Windows Vista 32-bit systems.
• Agent support for 64-bit memory forensic audits for Windows 2k3 systems.
• Optional Agent installation into “self-hiding” mode.

So what else has changed since MIR 1.3?

Come visit us at CEIC booth 706 and find out!

Tags: CEIC 2010, MIR, OpenIOC

Recent Posts

• DLL Search Order Hijacking Revisited
• Find Evil and Solve Crime, Part 1: Focus
• Reversing Malware Command and Control: From Sockets to COM
• The Challenges to Remediating from the APT
• Stuxnet Memory Analysis and IOC creation

Follow us on Twitter

• Mandiant: M's @nickharbour revisits DLL Search Order Hijacking to propose his solution to the problem http://bit.ly/ctmxM7
• Mandiant: The slides and recording are now posted for the Fresh Prints of Mal-ware: 0x1, 0x2, 0x3s of IOC webinar http://bit.ly/dutt9E #m_fp
• Mandiant: Registration now up for M's State of the Hack webinar ft. Josh Corman/@the451group 9/23 @ 2PM EDT http://bit.ly/c08atu #M_SOH

MANDIANT News

• Advanced Persistent Threat – Intelligence Brief
• The State of the Hack - The Advanced Persistent Threat
• The State of the Hack - The Advanced Persistent Threat
• MANDIANT Incident Response Conference (MIRcon)