A representative of Morgan Stanley has demanded the removal of a document originally released by the online hacktivist group Anonymous. Morgan Stanley’s Computer Emergency Response Team (CERT) Physical Memory Standard Operating Procedures is a 23-page document that details procedures written by HBGary employee Phil Wallisch for Morgan Stanley’s CERT. The original source of the document is an email from Phil Wallisch to the Morgan Stanley CERT in June 2010. The document is available in other formats from a variety of sites hosting the AnonLeaks HBGary files.
Tag Archive for Morgan Stanley
Corporate
HBGary Morgan Stanley CERT Physical Memory Standard Operating Procedures
Memory forensics allows MSCERT to become more effective and agile regarding the acquisition of actionable intelligence. Traditional disk forensic approaches to investigations are slow and non-scalable. Large amounts of data must be acquired, transferred, and then analyzed. Memory forensics reveal what the true running state of a target system is at the time of acquisition. Hidden processes and other system activities are made available to an analyst by analyzing a smaller set of data than disk forensics. This document details Morgan Stanley’s (MS) Standard Operating Procedures (SOPs) for acquiring and analyzing physical memory using the HBGary forensic toolset. Fastdump Professional and Responder Professional usage are detailed through a case study methodology.