APT Forensics M-unition Pack

By on February 13, 2009


I recently spoke at the DoD cybercrime conference on Advanced Persistent Threat (APT) forensics.  During the presentation I talked about several ways you can use forensics to answer difficult questions that arise once an APT incident is identified.  Some of these questions are:

  • What was the initial vector?
  • What did the attackers do exactly?
  • Was any sensitive data exposed or exfiltrated?
  • How do we successfully respond to the incident?


These questions can usually be answered easily if the response team has the right tools and methodology.  This is where the APT M-unition pack will help.  In this package are templates for forensic methodology, EnScripts to help with analysis, and the presentation given at DoD cybercrime. The forensic methodology template can be opened with NoteCase. NoteCase is available at the following link:



If anyone has questions on the use of the EnScripts or steps in the methodology, feel free to contact me by email at kelcey.tietjen@mandiant.com. The APT M-unition pack can be acquired from below:

APT M-unition Pack



Category: The Armory

