
APT Forensics M-unition Pack

By on February 13, 2009


I recently spoke at the DoD cybercrime conference on Advanced Persistent Threat (APT) forensics. During the presentation I talked about several ways you can use forensics to answer difficult questions that arise once an APT incident is identified. Some of these questions are:

  • What was the initial vector?
  • What exactly did the attackers do?
  • Was any sensitive data exposed or exfiltrated?
  • How do we successfully respond to the incident?


These questions can usually be answered if the response team has the right tools and a sound methodology. This is where the APT M-unition pack will help. The package contains a template for the forensic methodology, EnScripts (EnCase scripts) to help with analysis, and the presentation given at DoD cybercrime. The forensic methodology template is a NoteCase document; NoteCase is available at the following link:

NoteCase


If anyone has questions on the use of the EnScripts or the steps in the methodology, feel free to contact me by email at kelcey.tietjen@mandiant.com. The APT M-unition pack can be downloaded below:

APT M-unition Pack


Kelcey

Category: The Armory
