Free Software


MANDIANT IOC Finder is a free tool for collecting host system data and reporting the presence of Indicators of Compromise (IOCs).

MANDIANT IOC Editor is a free editor for Indicators of Compromise (IOCs).

MANDIANT Redline is a free utility that accelerates the process of triaging hosts suspected of being compromised or infected while supporting in-depth live memory analysis.

Current Version: Redline 1.1.1
Release Date: February 3, 2012

Free memory forensics software designed to help incident responders find evil within live memory.

Current Version: Memoryze 2.0
Release Date: October 17, 2011

Highlighter is designed to help security analysts and system administrators rapidly review log and other structured text files.

Audit Viewer is an open source tool that allows users to examine the results of Memoryze's analysis.

Software for incident responders that helps find and analyze unknown malware.

Assists users in reviewing websites that are stored in the history files of the most commonly used browsers.

MIR Lite-CDT is a command line utility based on technology from MANDIANT's Intelligent Response enterprise product.

ApateDNS is a tool for controlling DNS responses through an easy-to-use GUI. As a phony DNS server, ApateDNS spoofs DNS responses to a user-specified IP address by listening on UDP port 53 on the local machine. ApateDNS also automatically sets the local DNS to localhost. Upon exiting, the tool restores the original local DNS settings.

A malware discovery tool which uses disassembly to detect packed executables.

Heap Inspector is a heap visualization and analysis tool. It has the ability to collect a process' heaps using both API and raw methods.

The Metasploit Forensic Framework (MSFF) is a proof of concept tool that can potentially reconstruct an attacker's Meterpreter sessions, allowing analysts to see some of the commands sent and received by the attacker from the Metasploit console to the Meterpreter server. It can give analysts a much better picture of what occurred.

MindSniffer is a tool that allows the user to translate Snort signatures to either XML jobs or Python plug-ins that can be used to identify processes containing strings that match Snort signatures.

A simple forensic tool to analyze change.log files from restore points to determine the original paths and file names of files stored inside restore points.