Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: InfoSec Handlers Diary Blog - SANS Internet Storm Center InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

MIR-ROR Motile Incident Response - Respond Objectively Remediate

Published: 2009-06-11
Last Updated: 2009-06-11 12:19:48 UTC
by Rick Wanner (Version: 1)
0 comment(s)

Anybody who reads my diaries has long since figured out that I am a big fan of the Sysinternals tools.  So when long-time reader, regular contributor, and full time Uber-Dork Russ McRee from pointed me at a new incident response tool based on the Sysinternals tools it immediately piqued my interest.. 

The tool is MIR-ROR - Motile Incident Response - Respond Objectively Remediate. MIR-ROR is a live response tool for Windows machines based on Sysinternals tools and other useful tools originally put together by Microsoft Forensics guru Troy Larson and now being maintained by More info about MIR-ROR can be found on the HolisticInfoSec Blog and reviewed in the ISSA Journal Toolsmith series. The tool itself can be found at Codeplex.

I haven't had a chance to review MIR-ROR myself, so I would appreciate any of you who have spent any time with MIR-ROR to please provide your opinions via our contact page.  I will summarize as the day goes on.


-- Rick Wanner - rwanner at isc dot sans dot org

0 comment(s)
Diary Archives