SANS Digital Forensics and Incident Response Blog: Category - Malware Analysis

Acquiring a Memory Dump from Fleeting Malware

Introduction The acquisition of process memory during behavioural analysis of malware can provide quick and detailed insight. Examples of where it can be really useful include packed malware, which may be in a more accessible state while running, and malware, which receives live configuration updates from the internet and stores them in memory. Unfortunately the … Continue reading Acquiring a Memory Dump from Fleeting Malware


Uncovering Targeted Web-Based Malware Through Shapeshifting

Targeted Web-Based Malware? Malware authors are frequently observed leveraging server side scripting on their infrastructure to evade detection and better target their attacks. This includes both exploit kits and servers hosting secondary stage payloads, all of which can easily be set up to alter their responses based on the footprint of the visitor. This could … Continue reading Uncovering Targeted Web-Based Malware Through Shapeshifting


Coin Check: Win the challenge, join the elite list of lethal forensicators & take home a brand new DFIR challenge coin!

Hundreds of SANS Institute digital forensics students have stepped up to the challenge and conquered. They've mastered the concepts and skills, beat out their classmates, and proven their prowess. These are the elite, the recipients of the SANS Lethal Forensicator Coin, an award given to a select portion of the thousands of students that … Continue reading Coin Check: Win the challenge, join the elite list of lethal forensicators & take home a brand new DFIR challenge coin!


4 Cheat Sheets for Malware Analysis

DFIR professionals have much to remember. Conveniently, 4 of Lenny Zeltser's cheat sheets summarize key tools and techniques for analyzing and reverse-engineering malicious software. Continue reading 4 Cheat Sheets for Malware Analysis


Three Steps to Communicate Threat Intelligence to Executives.

As the community of security professionals matures there is a merging of the intel community, the incident response professionals, and security operations. One struggle folks have is how to make the threat intelligence actionable for the business. You have the large data from Recorded Future, yet, how do you apply the data in a practical … Continue reading Three Steps to Communicate Threat Intelligence to Executives.