SANS Digital Forensics and Incident Response Blog: Category - Malware Analysis

#FOR526 #MemoryForensics Course - Special Deal for Online Training and Capital City in July

FOR526 - 10% Off for vLive (Online Live Training)orCapital City in July. Use code = m3mory FOR526 - 10% Off forvLive(Online Live Training)orCapital City in July. Use code = m3mory Continue reading #FOR526 #MemoryForensics Course - Special Deal for Online Training and Capital City in July


The Importance of Command and Control Analysis for Incident Response

Understanding how malicious software implements command and control (C2) is critical to incident response. Malware authors could use C2 to execute commands on the compromised system, obtain the status of the infection, commandeer numerous hosts to form a bot network, etc. This article explains how malware performs C2 functions and clarifies how this information can aid responders in detecting, analyzing, and remediating malware incidents. Continue reading The Importance of Command and Control Analysis for Incident Response


FOR610 Malware Analysis Course Toolkit Expansion

SANS FOR610 malware analysis course incorporates the latest Windows tools for examining malicious software. Students now receive a toolkit based on a pre-built Windows virtual machine. This toolkit supplements the Linux-based REMnux virtual machine that has been a staple of malware analysts' arsenal of utilities. Continue reading FOR610 Malware Analysis Course Toolkit Expansion


Tools for Analyzing Static Properties of Suspicious Files on Windows

Examining static properties of suspicious files is a good starting point for malware analysis. This effort allows you to perform an initial assessment of the file without even infecting a lab system or studying its code. Let's take a look at several free Windows tools that are useful for extracting such meta data from potentially-malicious executables. Continue reading Tools for Analyzing Static Properties of Suspicious Files on Windows


Is OllyDbg Version 2 Ready for Malware Analysis?

Many malware reverse-engineers consider OllyDbg a valuable part of their toolkit. The latest version 1 release of this powerful debugger has been showing its age. Fortunately, version 2.01 seems to be sufficiently mature to start displacing its predecessor as part of the malware analysis workflow. Here's what you can expect when starting to experiment with OllyDbg version 2.01. Continue reading Is OllyDbg Version 2 Ready for Malware Analysis?