SANS Digital Forensics and Incident Response Blog: Tag - malware forensics

When Cases Involve SSNs and Credit Card Data: "Sensitive Data Search and Baseline" Python Script

A key component of any investigation is the type of data exfiltrated. If sensitive data is on a compromised machine, risk is increased significantly. Also, there is a patch work of legislation covering various types of data which is considered sensitive (http://www.reyrey.com/regulations/). In general, social security and credit card numbers are at the top of … Continue reading When Cases Involve SSNs and Credit Card Data: "Sensitive Data Search and Baseline" Python Script


Installing the REMnux Virtual Appliance for Malware Analysis

REMnux is a lightweight Linux distribution for assisting malware analysts with reverse-engineering malicious software. Here is how to install the REMnux virtual appliance using common virtualization tools, such as VMware and VirtualBox, thanks to the Open Virtualization Format (OVF/OVA). Continue reading Installing the REMnux Virtual Appliance for Malware Analysis


Malicious Code Analysis: Michael Murr Explains How and Why

Michael Murr authored the malicious code analysis section of SANS' FOR610: Reverse-Engineering Malware course. In his brief interview, he shares his perspective on the role that code analysis plays in the reverse-engineering process, and how one might get better at this aspect of malware forensics. Continue reading Malicious Code Analysis: Michael Murr Explains How and Why