Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: MIR-ROR Motile Incident Response - Respond Objectively Remediate SANS ISC InfoSec Forums

Watch ISC TV. Great for NOCs, SOCs and Living Rooms: https://isctv.sans.edu

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
MIR-ROR Motile Incident Response - Respond Objectively Remediate

Anybody who reads my diaries has long since figured out that I am a big fan of the Sysinternals tools.  So when long-time reader, regular contributor, and full time Uber-Dork Russ McRee from HolisticInfoSec.org pointed me at a new incident response tool based on the Sysinternals tools it immediately piqued my interest.. 

The tool is MIR-ROR - Motile Incident Response - Respond Objectively Remediate. MIR-ROR is a live response tool for Windows machines based on Sysinternals tools and other useful tools originally put together by Microsoft Forensics guru Troy Larson and now being maintained by HolisticInfosec.org. More info about MIR-ROR can be found on the HolisticInfoSec Blog and reviewed in the ISSA Journal Toolsmith series. The tool itself can be found at Codeplex.

I haven't had a chance to review MIR-ROR myself, so I would appreciate any of you who have spent any time with MIR-ROR to please provide your opinions via our contact page.  I will summarize as the day goes on.

 

-- Rick Wanner - rwanner at isc dot sans dot org

Rick

294 Posts
ISC Handler

Sign Up for Free or Log In to start participating in the conversation!