SANS Digital Forensics and Incident Response Blog

SANS Reverse Engineering Malware in London (Forensics 610)

One of our most popular classes is returning to London in December. Forensics 610: Reverse Engineering Malware has been selling out in the United States and is in high demand. As organizations grow, the need to analyze and reverse complex malware is extremely important.

Many organizations in the United States are using full-time malware analysts as a core part of their teams, helping identify compromised systems by specifying exactly what type of traffic or what digital forensic footprint a piece of malware leaves on a machine. No longer will an organization have to "guess" where to look. With a malware analyst on the team, it is much easier to use actionable intelligence to find the hackers on your network.

Professionals who are looking for a challenging course to advance their careers should consider reverse engineering as one of the next steps on their path to becoming a lethal forensicator.

The course in London, Monday 29 November - Friday 3 December 2010, is a must-attend event for those in the EU or local to London. Do not miss out: REGISTER NOW

Reverse-Engineering: Malware Analysis Tools and Techniques Training

This malware analysis course prepares forensic investigators, incident responders and malware specialists to reverse-engineer malicious software using practical tools and techniques.

The Reverse-Engineering Malware (REM) course teaches a practical approach to examining malicious programs (spyware, bots, trojans, etc.) that target or run on Microsoft Windows. This training also looks at reversing web-based malware, such as JavaScript and Flash files, as well as malicious document files. By the end of the course, you'll learn how to reverse-engineer malicious software using a variety of system and network monitoring utilities, a disassembler, a debugger, and other tools for turning malware inside-out!

Course Overview: Learn Malware Analysis to Improve Incident Response and Forensics Skills

This unique course provides a rounded approach to reverse-engineering by covering both behavioral and code phases of the analysis process. As a result, the course makes malware analysis accessible even to individuals with a limited exposure to programming concepts. The materials do not assume that the students are familiar with malware analysis; however, the complexity of concepts and techniques increases as the course progresses.

The malware analysis process taught in this class helps incident responders assess the severity and repercussions of a situation that involves malicious software. It also assists in determining how to contain the incident and plan recovery steps. Forensic investigators also learn how to understand key characteristics of malware present on compromised systems, including how to establish indicators of compromise (IOCs) for scoping and containing the intrusion.