SANS Digital Forensics and Incident Response Blog

FOR610 Malware Analysis Course Toolkit Expansion

SANS courses are refreshed several times a year to keep them up-to-date with the latest tools and techniques. Some updates are more significant than others. We're excited to share some details about the revisions to the FOR610: Reverse-Engineering Malware course, which debuted in 2014.

FOR610 students now receive a pre-built Windows virtual machine (Windows REM Workstation). The cost of the Windows license is included in the tuition. REM Workstation is configured to make it easier for analysts to examine malware and includes the tools that students will use throughout the course when performing hands-on exercises. Windows REM Workstation supplements the REMnux virtual machine, which students use in the course for utilities that run in a Linux environment.

Every FOR610 student now receives the course toolkit in the form of a USB key, which includes Windows REM Workstation and REMnux virtual machines, along with real-world malware samples that will be the basis of labs and experiments in the class.

The malware analysis toolkit is compatible with the Windows 7 and 8 operating systems, and was expanded to include utilities such as PeStudio, setdllcharacteristics, signsrch, Fiddler and Scylla, just to name a few. The course also migrated from version 1 of OllyDbg to version 2, incorporating several plug-ins compatible with version 2 of the debugger. Lastly, the course update incorporates several new malware samples and analysis techniques.

This popular malware analysis course has helped forensic investigators, incident responders, security engineers and IT administrators acquire practical skills for examining malicious programs that target and infect Windows systems. To learn more about it, and to see what topics are covered on each day of the course, see the updated FOR610 description page.

For additional considerations about refreshing your malware analysis toolkit, take a look at the following posts: Tools for Analyzing Static Properties of Suspicious Files on Windows and Is OllyDbg Version 2 Ready for Malware Analysis?