Anybody who reads my diaries has long since figured out that I am a big fan of the Sysinternals tools. So when long-time reader, regular contributor, and full time Uber-Dork Russ McRee from HolisticInfoSec.org pointed me at a new incident response tool based on the Sysinternals tools it immediately piqued my interest..
The tool is MIR-ROR - Motile Incident Response - Respond Objectively Remediate. MIR-ROR is a live response tool for Windows machines based on Sysinternals tools and other useful tools originally put together by Microsoft Forensics guru Troy Larson and now being maintained by HolisticInfosec.org. More info about MIR-ROR can be found on the HolisticInfoSec Blog and reviewed in the ISSA Journal Toolsmith series. The tool itself can be found at Codeplex.
I haven't had a chance to review MIR-ROR myself, so I would appreciate any of you who have spent any time with MIR-ROR to please provide your opinions via our contact page. I will summarize as the day goes on.
-- Rick Wanner - rwanner at isc dot sans dot org
Jun 11th 2009
1 decade ago