SANS Digital Forensics and Incident Response Blog: Tag - Malware Analysis

Coin Check: Win the challenge, join the elite list of lethal forensicators & take home a brand new DFIR challenge coin!

Hundreds of SANS Institute digital forensics students have stepped up to the challenge and conquered. They've mastered the concepts and skills, beat out their classmates, and proven their prowess. These are the elite, the recipients of the SANS Lethal Forensicator Coin, an award given to a select portion of the thousands of students that … Continue reading Coin Check: Win the challenge, join the elite list of lethal forensicators & take home a brand new DFIR challenge coin!


Three Steps to Communicate Threat Intelligence to Executives.

As the community of security professionals matures there is a merging of the intel community, the incident response professionals, and security operations. One struggle folks have is how to make the threat intelligence actionable for the business. You have the large data from Recorded Future, yet, how do you apply the data in a practical … Continue reading Three Steps to Communicate Threat Intelligence to Executives.


Using ProcDOT Plugins to Examine PCAP Files When Analyzing Malware

ProcDOT is a free tool for analyzing the actions taken by malware when infecting a laboratory system. ProcDOT supports plugins, which could extend the tool's built-in capabilities. This article looks at two plugins that help examine contents of the network capture file loaded into ProcDOT. Continue reading Using ProcDOT Plugins to Examine PCAP Files When Analyzing Malware


How to Install SIFT Workstation and REMnux on the Same Forensics System

Combine SIFT Workstation and REMnux on a single system to create a supercharged Linux toolkit for digital forensics and incident response tasks. Here's how. Continue reading How to Install SIFT Workstation and REMnux on the Same Forensics System


Running Malware Analysis Apps as Docker Containers

A new REMnux project initiative provides Docker images of Linux applications useful for malware analysis to offer investigators easier access to malware forensics tools. Docker is a platform for packaging, running and managing applications as "containers," as a lightweight alternative to full virtualization. Several application images are available as of this writing, and you can contribute your own as a way of experimenting with Docker and sharing with the community. Continue reading Running Malware Analysis Apps as Docker Containers