SANS Digital Forensics and Incident Response Blog: Category - Malware Analysis

26 Sep 2019

The State of Malware Analysis: Advice from the Trenches

0 comments Posted by Lenny Zeltser
Filed under Computer Forensics, Computer Forensics and IR Summit, Incident Response, Malware Analysis, Reverse Engineering

What malware analysis approaches work well? Which don't? How are the tools and methodologies evolving? The following discussion-captured as anMP3 audio file-offers friendly advice from 5 malware analysts. These are some of the practitioners who teach thereverse-engineering malware course(FOR610) at SANS Institute: Jim Clausing: Security Architect at AT&T and Internet Storm Center Handler(Panelist) Evan Dygert:Senior … Continue reading The State of Malware Analysis: Advice from the Trenches


Tags: Computer Forensics, Digital Forensics, malware, Malware Analysis
11 Jan 2019

Investigate and fight cyberattacks with SIFT Workstation

0 comments Posted by sansdfir
Filed under Advanced Persistent Threat, Case Leads, Computer Forensics, Computer Forensics and IR Summit, Email Investigations, Evidence Acquisition, Evidence Analysis, Incident Response, Malware Analysis, Memory Analysis, Mobile Device Forensics, Network Forensics, Registry Analysis, SIFT Workstation, Threat Hunting

Digital forensics and incident response (DFIR) has hit a tipping point. No longer just for law enforcement solving cybercrimes, DFIR tools and practices are a necessary component of any organization's cybersecurity. After all, attacks are increasing daily and getting more sophisticated - exposing millions of people's personal data, hijacking systems around the world and … Continue reading Investigate and fight cyberattacks with SIFT Workstation

09 Jan 2019

Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection

0 comments Posted by sansdfir
Filed under Advanced Persistent Threat, Computer Forensics, Computer Forensics and IR Summit, Cyber Threat Intelligence, Incident Response, Malware Analysis, Memory Analysis, Windows Memory Forensics

Many experienced security analysts end up repeating the same investigative playbook for similar types of cases day after day. They become technical experts but siloed into a single lane of investigative scenario, whether it be intellectual property theft, malware or intrusion investigations. With the rapid evolution of fileless malware and sophisticated anti-forensics mechanisms, security … Continue reading Go Big with Bootcamp for Advanced Memory Forensics and Threat Detection

07 Jan 2019

SANS FOR585 Q&A: Smartphone Forensics - Questions answered

0 comments Posted by sansdfir
Filed under Case Leads, Computer Forensics, Evidence Analysis, FOR585 Smartphone Forensics course Q&A, iOS, Malware Analysis, Mobile Device Forensics, smartphone

Learning doesn't stop when you leave the SANS classroom. Instructors Domenica "Lee" Crognale, Heather Mahalik and Terrance Maguire answer some of the most common questions from FOR585 Smartphone Forensics course students in these short videos: 1) Using Hashcat to Crack an Encrypted iTunes Backup:Acquiring a locked iOS can be difficult so an iTunes … Continue reading SANS FOR585 Q&A: Smartphone Forensics - Questions answered

14 Nov 2018

Shortcuts for Understanding Malicious Scripts

0 comments Posted by sansdfir
Filed under Advanced Persistent Threat, Case Leads, Computer Forensics, Evidence Acquisition, Evidence Analysis, Incident Response, Malicious Scripts, Malware Analysis, Reverse Engineering, Threat Hunting

You are being exposed to malicious scripts in one form or another every day, whether it be in email, malicious documents, or malicious websites. Many malicious scripts at first glance appear to be impossible to understand. However, with a few tips and some simple utility scripts, you can deobfuscate them in just a few minutes. … Continue reading Shortcuts for Understanding Malicious Scripts

Subscribe to SANS Newsletters

Join the SANS Community to receive the latest curated cyber security news, vulnerabilities and mitigations, training opportunities, and our webcast schedule.





Share

Categories
Recent Posts
Archives
Links
Latest Blog Posts

Kick off the new year with the industry’s top CTI experts at the SANS Cyber [...]
December 10, 2019 - 5:43 PM

Cloud Storage Acquisition from Endpoint Devices
October 30, 2019 - 8:56 PM

The State of Malware Analysis: Advice from the Trenches
September 26, 2019 - 2:02 PM

Latest Tweets @sansforensics

This Friday 12/13/19 at Noon CST The Forensic Lunch! Join R [...]
December 13, 2019 - 1:00 AM

Mari brings 20 years of experience in the IT industry, inclu [...]
December 13, 2019 - 12:00 AM

Join us for Forensic Lunch tomorrow at 10AM PST with Certifi [...]
December 12, 2019 - 11:05 PM

Latest Papers

Threat Hunting and Incident Response in a post-compromised environment
By Rukhsar Khan

Automated Detection and Disinfection of Ransomware Attacks using Roadblock Software
By Hemant Kumar

ATT&CKing Threat Management: A Structured Methodology for Cyber Threat Analysis
By Andy Piazza

"Rob is great, just like all of the other SANS instructors I've had."
- Chris O'Keefe, The Community Preservation Corp

"For my line of work, basic & extensive understanding of the file system is extremely important. The literature and books on file systems for me are very critical & thanks you for them, great reference material"
- Vince Ramirez, Las Vegas Metro P.D.

"Rob Lee is a master of the subject matter. The material is presented in a way that is understandable. Rob is also charismatic enough to make the course enjoyable."
- Erik Ketlet, JP Morgan Chase