APT Forensics M-unition Pack
I recently spoke at the DoD cybercrime conference on Advanced Persistent Threat (APT) forensics. During the presentation I talked about several ways you can use forensics to answer difficult questions that arise once an APT incident is identified. Some of these questions are:
- What was the initial vector?
- What did the attackers do exactly?
- Was any sensitive data exposed or exfiltrated?
- How do we successfully respond to the incident?
These questions can usually be answered easily if the response team has the right tools and methodology. This is where the APT M-unition pack will help. In this package are templates for forensic methodology, EnScripts to help with analysis, and the presentation given at DoD cybercrime. The forensic methodology template can be opened with NoteCase. NoteCase is available at the following link:
If anyone has questions on the use of the EnScripts or steps in the methodology, feel free to contact me by email at firstname.lastname@example.org. The APT M-unition pack can be acquired from below: