IOCs and RMOs


Happy New Year to the digital forensics community from everyone here at Forensic Artifacts! We have been busy with some site changes and additions that will hopefully benefit everyone in the upcoming year.

First, we added a new subdomain,, to assist in sharing information based on Mandiant’s OpenIOC initiative. The framework and tools released at for standardizing and sharing Indicators of Compromise (IOC) allow analysts to quickly identify artifacts of network intrusions. The XML .ioc file produced can easily be shared, allowing other analysts to look for the same artifact on different networks.

We created as a place to categorize and share .ioc files. All that is needed is for an examiner to submit the .ioc file, allowing us to populate the post and offer the .ioc for download, while other users can comment on the post to help make the .ioc stronger. Other than the Mandiant Forum, this is the only other repository we know of where users can share the IOCs they have created. By adding IOCs to the Forensic Artifacts website, our goal is to aid forensic examiners by having different types of information all under one roof. This should enhance the usefulness of the site and allow examiners to find the information they need much more efficiently.

Second, Rob Lee and SANS have graciously offered up a SANS Lethal Forensicator Coin for anyone submitting six or more artifacts or IOCs in any given year. There is a proud group of forensic analysts who currently possess one of these Round Metal Objects (RMO), and we are lucky enough to provide another avenue of earning the coin. The history of the coin and the term forensicator can be found on the link above. The rules for earning a coin through Forensic Artifacts are the same as the SANS Forensic Blog: simply submit six artifacts or IOCs in the span of a year and you’ll be eligible to earn the coin.

We’re looking forward to serving the community and watching the site grow. Please let us know if you have any suggestions or changes that will strengthen the site and enhance our ability to serve the digital forensics community.
