SANS Digital Forensics and Incident Response Blog: Category - Incident Response

FOR610 Malware Analysis Course Toolkit Expansion

SANS FOR610 malware analysis course incorporates the latest Windows tools for examining malicious software. Students now receive a toolkit based on a pre-built Windows virtual machine. This toolkit supplements the Linux-based REMnux virtual machine that has been a staple of malware analysts' arsenal of utilities. Continue reading FOR610 Malware Analysis Course Toolkit Expansion


Tools for Analyzing Static Properties of Suspicious Files on Windows

Examining static properties of suspicious files is a good starting point for malware analysis. This effort allows you to perform an initial assessment of the file without even infecting a lab system or studying its code. Let's take a look at several free Windows tools that are useful for extracting such meta data from potentially-malicious executables. Continue reading Tools for Analyzing Static Properties of Suspicious Files on Windows


Is OllyDbg Version 2 Ready for Malware Analysis?

Many malware reverse-engineers consider OllyDbg a valuable part of their toolkit. The latest version 1 release of this powerful debugger has been showing its age. Fortunately, version 2.01 seems to be sufficiently mature to start displacing its predecessor as part of the malware analysis workflow. Here's what you can expect when starting to experiment with OllyDbg version 2.01. Continue reading Is OllyDbg Version 2 Ready for Malware Analysis?


The Many Fields of Digital Forensics and Incident Response

As the world of information technology grows in size and complexity, sectors within the IT industry become more and more specialized. Within IT, information security used to be considered niche. Nowadays, saying that your're an infosec professional positions you as somewhat of a generalist. After all, within the infosec field there are several specialization areas, including compliance, pen testing, application security. Even within the area of digital forensics and incident response, many sub-fields have emerged, as discussed in this post. Continue reading The Many Fields of Digital Forensics and Incident Response


APT Malware and Memory Challenge

The memory image contains real APT malware launched against a test system. Your job? Find it. The object of our challenge is simple: Download the memory image and attempt to answer the 5 questions. DOWNLOAD LINK FOR MEMORY IMAGE:http://dfir.to/APT-Memory-Image Questions: What is the Process ID of the rogue process on the system? Determine the name … Continue reading APT Malware and Memory Challenge