FIRST - Improving Security Together 18th Annual FIRST Conference - June 2006 - Baltimore, Maryland

RAPIER – A 1st Responders Info Collection Tool







Platinum Sponsor

BT



Silver Sponsor

Diageo



Local Host

CERT Coordination Center



Supporting Sponsors

Sun



Google



Hitachi



ISS



E-Secure-IT

Korea CertCC



Conference Schedule

Technical Track

Thursday – June 29th, 14:30

Topic

RAPIER (Rapid Assessment & Potential Incident Examination Report) is a security tool built to assist in malware collection and analysis. It is designed to acquire commonly requested information and samples during an information security event, incident, or investigation. RAPIER automates the entire process of data collection and delivers the results directly to the hands of a skilled security analyst. With the results, a security analyst is provided information which can aid in determining if a system has been compromised, and potentially determine the method of infection, the changes to the system, and determine how to recover/clean the system. RAPIER can also be used to provide anti-malware vendors with the information necessary to update their definitions files. It is the first tool within Intel that fully automates the entire process, thus enabling a highly effective means for rapid response to potential malware infections.

Outline

  • Problem Statement
  • Fundamental Operational Solution
  • Framework Engine
  • How to design your own modules
  • Feature Modules

Technical Detail

Moderate - we will cover what content the modules capture so understanding basic attributed of Microsoft Windows OS is helpful.

Audience

  • Incident Handlers
  • Investigators
  • Security Operations Center management/participants.

Authors & presenters

  • USJoseph Schwendt Presenter (IFT – Intel Corporation, US)

  • USSteven Mancini Presenter (IFT – Intel Corporation, US)


Conference Schedule