Technical Track
Topic
RAPIER (Rapid Assessment & Potential Incident Examination Report) is a security tool built to assist in malware collection and analysis. It is designed to acquire the information and samples commonly requested during an information security event, incident, or investigation. RAPIER automates the entire process of data collection and delivers the results directly to a skilled security analyst. With these results, the analyst has information that can aid in determining whether a system has been compromised, and potentially in determining the method of infection, the changes made to the system, and how to recover or clean the system. RAPIER can also be used to provide anti-malware vendors with the information necessary to update their definition files. It is the first tool within Intel that fully automates the entire process, thus enabling a highly effective means of rapid response to potential malware infections.
Outline
- Problem Statement
- Fundamental Operational Solution
- Framework Engine
- How to design your own modules
- Feature Modules
Technical Detail
Moderate - we will cover what content the modules capture, so an understanding of the basic attributes of the Microsoft Windows OS is helpful.
Audience
- Incident Handlers
- Investigators
- Security Operations Center management/participants.
http://www.first.org/conference/2006/papers/mancini-steve-slides.pdf
Type: Slides
Format: application/pdf
Last updated: May 18, 2006
Size: 493 Kb
http://www.first.org/conference/2006/papers/mancini-steve-slides.pdf
Type: Slides
Format: application/pdf
Last updated: July 12, 2006
Size: 493 Kb
http://www.first.org/conference/2006/papers/mancini-steve-papers.pdf
Type: Paper
Format: application/pdf
Last updated: July 12, 2006
Size: 213 Kb
Authors & presenters
- Joseph Schwendt (IFT Intel Corporation, US)
- Steven Mancini (IFT Intel Corporation, US)