Monday, November 15, 2010

Mandiant: Forensic and Incident Response Tools

Below is the list of tools that I used to perform forensics and incident response. All are available from Mandiant as free software.
  1. MANDIANT IOCe - A free editor for Indicators of Compromise (IOCs).
  2. Memoryze - A free memory forensics software designed to help incident responders find evil within live memory.
  3. MIR Lite-CDT - A command line utility based on technology from MANDIANT's Intelligent Response enterprise product.
  4. Audit Viewer - An open source tool that allows users to examine the results of Memoryze's analysis.
  5. Highlighter - Designed to help network analysts rapidly review log and other structured text files.
  6. Red Curtain - Software for incident responders that helps find and analyze unknown malware.
  7. Web Historian - Assists users in reviewing websites that are stored in the history files of the most commonly used browsers.