Saturday, March 31, 2012
MIR-ROR 2.0 released
MIR-ROR 2.0 has been released as the project has benefited from Jon Mark Allen's (ubahmapk) many contributions, giving MIR-ROR some much needed attention.
MIR-ROR, or Motile Incident Response - Respond Objectively, Remediate, is a command-line script specialized for security incident response that calls specific Windows Sysinternals tools, as well as some other useful utilities, to provide live capture data for investigation.
You can easily enhance MIR-ROR to your liking with whatever command line tools you find useful.
As an incident response resource, we've found it indispensable.
Windows Sysinternals licensing prevents us from bundling the tools in a distribution package; you'll have to retrieve them yourself. You can download the complete Sysinternals Suite, along with the other utilities needed, and unpack them in your preferred directory on your system (C:\tools\MIR-ROR). Check fetch.txt for everything you need to download.
Please feel free to submit suggestions or fixes via the Issue Tracker and we'll review potential updates for future releases.
You can read the complete ISSA Journal article, MIR-ROR: Motile Incident Response - Respond Objectively, Remediate, here.
4 comments:
Thanks for this tool. I have a problem using it. With ntfscopy v0.69 (the only one I can find), the script exits every time it calls ntfscopy. I think this is a big problem, because the script heavily depends on it
cachmon: I'm using v0.65 of ntfscopy, but will download v0.69 and try to duplicate the issue. Can you provide any other details? (Maybe in the Issue Tracker on CodePlex so we don't fill up the comments here :-)
Thanks.
Jon Mark
cachmon: I'm using v0.65 of ntfscopy, but I'll download 0.69 and see if I can duplicate the issue. Can you provide any other details? (Maybe in the Issue Tracker on CodePlex, so we don't fill up the comments here. :-)
Thanks.
Jon Mark
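As an added illustration, not MIR-ROR's own code (the post does not reproduce the script), the PowerShell below sketches the pattern the post describes: call Sysinternals tools from a fixed tool directory and write their output for investigation. It assumes the tool names and arguments shown and uses a constructed step list in place of fetch.txt, whose format the post does not give; it also logs a missing or failing tool and continues, so one utility behaving like the ntfscopy case in cachmon's comment does not end the whole capture.

```powershell
# Added illustration, not MIR-ROR's own code. Assumes the Sysinternals Suite is
# unpacked in $ToolDir; the step list below is constructed, since the post does
# not show fetch.txt's format.
param(
    [string]$ToolDir  = 'C:\tools\MIR-ROR',
    [string]$CaseRoot = 'C:\cases'
)

# One output directory per host and run, so captures from several machines never collide.
$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $CaseRoot ("{0}-{1}" -f $env:COMPUTERNAME, $stamp)
New-Item -ItemType Directory -Path $outDir -Force | Out-Null
$log    = Join-Path $outDir 'collection.log'

# Constructed step list (tool executable and arguments). -accepteula stops the
# Sysinternals licence prompt from blocking an unattended run.
$steps = @(
    @{ Name = 'pslist';     Args = @('-accepteula') },
    @{ Name = 'psloggedon'; Args = @('-accepteula') },
    @{ Name = 'tcpvcon';    Args = @('-accepteula', '-a') },
    @{ Name = 'autorunsc';  Args = @('-accepteula', '-c') }
)

foreach ($step in $steps) {
    $exe = Join-Path $ToolDir ($step.Name + '.exe')
    $out = Join-Path $outDir ($step.Name + '.txt')

    # A tool that was not downloaded (see fetch.txt) is recorded, not fatal.
    if (-not (Test-Path $exe)) {
        Add-Content -Path $log -Value "MISSING $exe"
        continue
    }

    # Run the tool and keep stdout and stderr together; a non-zero exit code is
    # logged but later steps still run, so one failing utility does not cost the capture.
    $toolArgs = $step.Args
    & $exe @toolArgs 2>&1 | Out-File -FilePath $out -Encoding utf8
    Add-Content -Path $log -Value ("{0} exit={1}" -f $step.Name, $LASTEXITCODE)
}

# Hash every artefact so the collected data can later be shown to be unaltered.
Get-ChildItem -Path $outDir -File | Where-Object Name -ne 'hashes.txt' |
    Get-FileHash -Algorithm SHA256 |
    ForEach-Object { "{0}  {1}" -f $_.Hash, $_.Path } |
    Out-File -FilePath (Join-Path $outDir 'hashes.txt') -Encoding utf8
```

Run it from an elevated prompt on the host being examined; collection.log and hashes.txt in the case directory record which tools ran, their exit codes, and the SHA-256 of each output file.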