Mandiant


Description

INCOMPLETE SECTION OR ARTICLE
This section/article is being written and is therefore not complete.
Thank you for your understanding.

Tools

Redline
Mandiant Redline is a free utility that accelerates the process of triaging hosts suspected of being compromised or infected while supporting in-depth live memory analysis.
IOC Editor
Mandiant's IOC Editor is a free editor for Indicators of Compromise (IOCs).
IOC Finder
Mandiant's IOC Finder is a free tool for collecting host system data and reporting the presence of Indicators of Compromise (IOCs).
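Both tools work on OpenIOC documents: IOC Editor writes the XML indicator (an AND/OR tree of IndicatorItem terms such as a file hash or a path), and IOC Finder evaluates it against data collected from a host. As an added example, not code from the aldeid page or from Mandiant, the Python below parses a constructed OpenIOC 1.0 document and evaluates its indicator tree against constructed file records. The namespace is the public OpenIOC 1.0 one; the UUIDs, hash, file names and paths are made up for the example, only the `is` and `contains` conditions are implemented, and an AND is evaluated against one observed record at a time (so "named like svchost" and "located in C:\Users\Public" must hold for the same file).

```python
"""Evaluate an OpenIOC 1.0 indicator against host observations.

Added illustration, not Mandiant's code. The indicator XML and the host
file records below are constructed for the example (UUIDs, hash values
and paths are made up). Only the "is" and "contains" conditions are
implemented; matching is case-insensitive.
"""
import xml.etree.ElementTree as ET

NS = {"ioc": "http://schemas.mandiant.com/2010/ioc"}

# Constructed OpenIOC document: match a known-bad MD5, OR a file whose
# name contains "svchost" AND whose directory is C:\Users\Public.
SAMPLE_IOC = """<ioc xmlns="http://schemas.mandiant.com/2010/ioc"
     id="11111111-1111-1111-1111-111111111111" last-modified="2013-01-01T00:00:00">
  <short_description>Example dropper (constructed)</short_description>
  <authored_by>example</authored_by>
  <authored_date>2013-01-01T00:00:00</authored_date>
  <definition>
    <Indicator operator="OR" id="22222222-2222-2222-2222-222222222222">
      <IndicatorItem id="33333333-3333-3333-3333-333333333333" condition="is">
        <Context document="FileItem" search="FileItem/Md5sum" type="mir"/>
        <Content type="md5">0123456789abcdef0123456789abcdef</Content>
      </IndicatorItem>
      <Indicator operator="AND" id="44444444-4444-4444-4444-444444444444">
        <IndicatorItem id="55555555-5555-5555-5555-555555555555" condition="contains">
          <Context document="FileItem" search="FileItem/FileName" type="mir"/>
          <Content type="string">svchost</Content>
        </IndicatorItem>
        <IndicatorItem id="66666666-6666-6666-6666-666666666666" condition="is">
          <Context document="FileItem" search="FileItem/FilePath" type="mir"/>
          <Content type="string">C:\\Users\\Public</Content>
        </IndicatorItem>
      </Indicator>
    </Indicator>
  </definition>
</ioc>
"""

# Constructed host data, one record per file, keyed by OpenIOC search term.
HOST_FILES = [
    {"FileItem/FileName": "svchost.exe", "FileItem/FilePath": "C:\\Windows\\System32",
     "FileItem/Md5sum": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"},   # legitimate location: AND branch fails
    {"FileItem/FileName": "svchost.exe", "FileItem/FilePath": "C:\\Users\\Public",
     "FileItem/Md5sum": "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb"},   # matches the AND branch
    {"FileItem/FileName": "update.exe", "FileItem/FilePath": "C:\\Temp",
     "FileItem/Md5sum": "0123456789abcdef0123456789abcdef"},   # matches the hash term
]


def _item_matches(item_el, record):
    """Apply one IndicatorItem (Context/search + condition + Content) to a record."""
    cond = item_el.get("condition")
    field = item_el.find("ioc:Context", NS).get("search")
    expected = (item_el.find("ioc:Content", NS).text or "").strip().lower()
    observed = record.get(field)
    if observed is None:
        return False
    observed = observed.lower()
    if cond == "is":
        return observed == expected
    if cond == "contains":
        return expected in observed
    raise ValueError(f"unsupported OpenIOC condition: {cond}")


def _indicator_matches(ind_el, record):
    """Recursively combine child terms with the Indicator's AND/OR operator."""
    op = ind_el.get("operator", "OR").upper()
    results = []
    for child in ind_el:
        tag = child.tag.split("}")[-1]          # strip the namespace
        if tag == "IndicatorItem":
            results.append(_item_matches(child, record))
        elif tag == "Indicator":
            results.append(_indicator_matches(child, record))
    if not results:
        return False
    return all(results) if op == "AND" else any(results)


def evaluate_ioc(ioc_xml, records):
    """Return the records that satisfy the IOC's top-level Indicator."""
    root = ET.fromstring(ioc_xml)
    top = root.find("ioc:definition/ioc:Indicator", NS)
    return [r for r in records if _indicator_matches(top, r)]


if __name__ == "__main__":
    for hit in evaluate_ioc(SAMPLE_IOC, HOST_FILES):
        print("IOC hit:", hit["FileItem/FilePath"] + "\\" + hit["FileItem/FileName"])
```

Real IOC Finder output is richer (it reports which IndicatorItem fired and on which collected artifact), but the evaluation above is the core of what "presence of an IOC" means: the boolean tree in the XML is satisfied by something observed on the host.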
Memoryze
Free memory forensics software designed to help incident responders find evil within live memory. Also available for Mac.
Highlighter
Highlighter is designed to help security analysts and system administrators rapidly review log and other structured text files.
Web Historian
Assists users in reviewing websites that are stored in the history files of the most commonly used browsers.
PdbXtract
PdbXtract is a tool to help you explore symbolic type information as extracted from Microsoft programming database files.
ApateDNS
Mandiant ApateDNS is a tool for controlling DNS responses through an easy-to-use graphical user interface (GUI). It answers the DNS queries a sample makes with an address the analyst chooses, so that malware traffic can be steered to a lab host during dynamic analysis.
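As an added example of the technique ApateDNS implements (this is not ApateDNS's code and not from the aldeid page), the Python below builds a spoofed DNS reply by hand: `build_response` parses an incoming query, answers A questions with a configured IPv4 address and returns an empty NOERROR (NODATA) reply for any other record type, and `serve` does this on UDP/53 while logging the names that were looked up. The query, the name `malware-c2.example` and the address `10.0.0.5` are constructed for the example.

```python
"""Minimal DNS sinkhole responder in the style of ApateDNS.

Added illustration, not Mandiant's code. Every A query gets the analyst's
chosen address; other query types get an empty NOERROR answer. The sample
query, name and address are constructed for the example.
"""
import socket
import struct

QTYPE_A, QCLASS_IN = 1, 1


def encode_name(name):
    """'a.b.example' -> b'\\x01a\\x01b\\x07example\\x00' (uncompressed wire form)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def decode_name(data, offset):
    """Read an uncompressed name starting at offset; return (name, next_offset)."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0:            # compression pointer; never valid in a query's QNAME
            raise ValueError("compressed names are not supported here")
        offset += 1
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length


def build_query(txid, name, qtype=QTYPE_A):
    """Build a standard recursive query (RD=1) with one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, QCLASS_IN)


def build_response(query, answer_ip, ttl=60):
    """Answer an A question with answer_ip; return (response_bytes, queried_name)."""
    txid, flags, qdcount = struct.unpack("!HHH", query[:6])
    if qdcount != 1:
        raise ValueError("expected exactly one question")
    qname, off = decode_name(query, 12)
    qtype, qclass = struct.unpack("!HH", query[off:off + 4])
    question = query[12:off + 4]
    rflags = 0x8000 | (flags & 0x0100) | 0x0080     # QR=1, copy RD, RA=1, RCODE=0
    if qtype == QTYPE_A and qclass == QCLASS_IN:
        ancount = 1
        rr = (b"\xc0\x0c"                           # name: pointer to QNAME at offset 12
              + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, ttl, 4)
              + socket.inet_aton(answer_ip))
    else:
        ancount, rr = 0, b""                        # NODATA for anything that is not an A query
    header = struct.pack("!HHHHHH", txid, rflags, 1, ancount, 0, 0)
    return header + question + rr, qname


def parse_answer_ips(response):
    """Return (txid, [IPv4 strings]) from a response built above (or any A answer)."""
    txid, _flags, _qd, ancount = struct.unpack("!HHHH", response[:8])
    _, off = decode_name(response, 12)
    off += 4                                        # skip QTYPE/QCLASS
    ips = []
    for _ in range(ancount):
        if response[off] & 0xC0 == 0xC0:
            off += 2                                # compressed owner name
        else:
            _, off = decode_name(response, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", response[off:off + 10])
        off += 10
        if rtype == QTYPE_A and rdlen == 4:
            ips.append(socket.inet_ntoa(response[off:off + 4]))
        off += rdlen
    return txid, ips


def serve(answer_ip, bind=("0.0.0.0", 53)):
    """Answer every A query with answer_ip and log who asked for what (needs root/admin for port 53)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind(bind)
    while True:
        data, peer = sock.recvfrom(512)
        try:
            reply, qname = build_response(data, answer_ip)
        except (ValueError, IndexError, struct.error):
            continue                                # malformed or multi-question packet: drop it
        print(f"{peer[0]} asked for {qname} -> answered {answer_ip}")
        sock.sendto(reply, peer)


if __name__ == "__main__":
    q = build_query(0x1234, "malware-c2.example")   # constructed lookup a sample might make
    reply, name = build_response(q, "10.0.0.5")
    print(name, parse_answer_ips(reply))
```

To use it the way ApateDNS is used, run `serve("10.0.0.5")` on the analysis host, point the sandbox VM's DNS server at that host, and watch the log for the domains the sample resolves; the logged names are themselves indicators worth recording.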
Heap Inspector
Mandiant Heap Inspector is a heap visualization and analysis tool. It has the ability to collect a process' heaps using both API and raw methods.
AuditParser
Converts the raw XML output generated by Mandiant Intelligent Response, Redline, or IOC Finder into tab-delimited text files. These files contain extensive evidence from disk, registry, event logs, memory, and other parsed Windows artifacts that can be used for live response analysis.
Intelligent Response
