Entries filed under 'Forensics'
Threat Research Blog
The FireEye Labs team posts blog entries under threat research to present and discuss cyber attacks and threat intelligence from a technical perspective. They cover the full spectrum of exploits and vulnerabilities, including advanced malware and targeted threats.
September 26, 2012 4:46 PM By Jeff Hamm
September 24, 2012 3:50 PM By Richard Bejtlich
Mandiant will host its third annual MIRcon on October 17th and 18th in Washington, DC. I attended the previous two MIRcon conferences, first as Director of Incident Response for my previous employer, and last year as Mandiant's Chief Security Officer. Last year we decided to host both a technical and management track during the two-day event. I thoroughly enjoyed working with speakers for the management track portion of the conference and am excited to be working on the track this year! In this post I'd like to introduce a few of the themes for the management track.
September 18, 2012 7:23 PM By William Ballenthin
July 21, 2011 12:05 AM By William Ballenthin
Recently, I wanted to dig deep into a forensic artifact resident in the Windows Registry. To make the task more interesting, I challenged myself to use only tools native to my favorite operating system: Linux. I was quickly disappointed, however, as there are few open and cross-platform tools for Windows Registry forensics beyond Perl's Win32::Registry. So, I wrote a tool to fill this void using Python - my favorite programming language. Python-registry is the result of this effort, and provides convenient access to Windows Registry files. Since it is pure Python, it can be used on all major operating systems.