Saturday, October 10, 2009

MIR-ROR 1.2 to debut at Digital Crimes Consortium 2009

I'm pleased to announce that MIR-ROR 1.2 is now available.
This is noteworthy on the eve of the Digital Crimes Consortium 2009 on the Microsoft campus in Redmond, WA this coming week, where I'll be discussing The AntiMalware Lifecycle with Tareq Saade from the Microsoft Malware Protection Center (MMPC).
I'll be covering the incident response part of the life-cycle while Tareq will provide much insight on the antivirus detection and signature creation process.
As part of my discussion on incident response in major enterprise data centers, I've included MIR-ROR, as it was created for just such a purpose. More succinctly, we use the tool we created, and I'll demonstrate specifics.
If you aren't aware of MIR-ROR (Motile Incident Response – Respond Objectively, Remediate), it's a command-line script specialized for security incident response that calls specific Windows Sysinternals tools, as well as some other useful gems, to provide live capture data for investigation.
You can read the complete ISSA Journal article, MIR-ROR: Motile Incident Response – Respond Objectively, Remediate, here.

Three people made contributions to the MIR-ROR 1.2 release.
Much thanks to:
Javi Perojo, Jim Krev, and Chris Dalessandro

MIR-ROR 1.2 includes:
1) Improved directory and log naming
2) Writes EULA acceptance to registry, removes -accepteula switch from command strings
3) Logs MAC times to separate logs for target drive
4) Adds OpenPorts
5) Collects all event logs, tab separated, written to individual log files

If you intend to be at DCC 2009, please say hi.
I'll also be presenting security visualization methods at SecureWorld Expo Seattle later this month. If I don't see you at DCC, perhaps I'll see you at SecureWorld.

Cheers.
