Secuobs.com : 2012-07-19 20:08:35 - M-unition - Mandiant Redline™ and IOC Finder™ collect and parse a huge body of evidence from a running system. In fact, they're based on the same agent software as our flagship Mandiant Intelligent Response product. During the course of their audits, these tools conduct comprehensive analysis of the file system (including hashing, timestamps, parsing of PE file structures, and digital signature checks), registry hives, processes in memory, event logs, active network connections, DNS cache contents, web browser history, system restore points, scheduled tasks, prefetch entries, persistence mechanisms, and much more.