SANS Digital Forensics and Incident Response Blog: Category - Malware Analysis

ProcDOT - Visual Malware Analysis

Dear like-minded people, I'm very proud to announce that our (CERT.at - CERT Austria) latest contribution to the malware analysis community is finally available as open beta. It's called ProcDOT - I already gave a preview of the alpha version some months ago at SANS Forensics Summit in Prague - and it is an absolute … Continue reading ProcDOT - Visual Malware Analysis


Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 3

In this interview, Jake Williams discusses his perspective on the various approaches to reverse-engineering malware, including behavioral, dynamic and static analysis as well as memory forensics. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course. Continue reading Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 3


Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 2

In this interview, Jake Williams shares advice on acting upon the findings produced by the malware analyst. He also clarifies the role of indicators of compromise (IOCs) in the incident response effort. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course. Continue reading Jake Williams' Tips on Malware Analysis and Reverse-Engineering - Part 2


Jake Williams' Tips on Malware Analysis and Reverse-Engineering

In this interview, Jake Williams discusses his perspectives on getting into digital forensics, crafting a strong malware analysis reports and making use of the analyst's findings. Jake is an incident responder extraordinaire, who teaches SANS' FOR610: Reverse-Engineering Malware course. Continue reading Jake Williams' Tips on Malware Analysis and Reverse-Engineering


Digital Forensics Case Leads: Sleeper Malware targets diplomatic entities in Europe & Asia, banking trojan travelling through Skype, DropBox decryption, PE file analysis, and retrieving iPhone VoiceMail

In this issue of Case Leads, Magnet Forensics updates its IEF with new neat features, Analysing PE file with python, retrieving iPhone voicemail with Perl, sleeper APT target diplomats, banking trojans travelling through Skype... Continue reading'' this week of Case Leads. If you have an item you'd like to contribute toDigital Forensics Case Leads, please … Continue reading Digital Forensics Case Leads: Sleeper Malware targets diplomatic entities in Europe & Asia, banking trojan travelling through Skype, DropBox decryption, PE file analysis, and retrieving iPhone VoiceMail