You will be guided through the process of conducting malware analysis, from the basics of the various analysis environments and 7 Safe's malware investigation methodologies to investigating the network activity that stems from a malicious software infection.

Audience:

Security analysts, incident responders and computer forensic investigators who have basic malware analysis skills and want to learn more about the techniques and tools for gathering and acting on actionable intelligence.

Prerequisites:

  • An understanding of TCP/IP networking concepts is advantageous
  • Sound experience with Microsoft Windows is required
  • Familiarity with the principles and general guidelines of forensic investigation
  • Awareness of the preliminary case considerations to evaluate when beginning a forensic investigation

Duration of the course: 4 days

Course outline:

Introduction to Malware Analysis:

  • Malware Taxonomy
  • Malware Threats
  • Malware Analysis Methodologies
  • Legal Considerations
  • Identifying and Protecting against Malware

Malware Hiding Places:

  • Collecting Malware from a Live System
  • Identifying Malware in a Dead (Offline) System

Building a Malware Analysis Lab (Environment):

  • Virtual Machine
  • Real Systems
  • Malware Analysis Tools

Static Analysis:

  • Detailed File Analysis
  • Database of File Hashes
  • Identifying File Compile Date
  • Identifying Packing/Obfuscation Methods
  • Extracting Strings
  • File Signature Analysis
  • Local and Online Malware Scanning
  • Identifying File Dependencies
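
The static analysis steps above (hashing for lookup in a hash database, reading the compile date, spotting packing, extracting strings and checking the file signature) can be chained into one triage script. The following is an added example written for this page, not course material or a 7 Safe tool. It parses the PE headers with `struct` alone, so it needs no third-party library, and it runs on a small PE file that the code itself constructs (a plain `.text` section beside a high-entropy `UPX1` section, with the optional header left out, which a real sample would not do). The packer section-name list and the 7.0 bits/byte entropy threshold are illustrative assumptions, not a complete signature database. Import-table (dependency) parsing is not shown.

```python
import hashlib
import math
import re
import struct
from datetime import datetime, timezone

# Minimum run length of printable ASCII that counts as a "string".
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")

# Assumption: a short illustrative list of section names used by common packers
# (UPX, ASPack, Petite). A real triage tool would carry a much larger table.
PACKER_SECTION_NAMES = {"UPX0", "UPX1", "UPX2", ".aspack", ".adata", ".petite"}


def file_hashes(data: bytes) -> dict:
    """Hashes to look up in a known-good / known-bad hash database (lookup not included)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte (0..8); packed or encrypted content sits close to 8."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def extract_strings(data: bytes) -> list:
    return [m.decode("ascii") for m in PRINTABLE_RUN.findall(data)]


def parse_pe(data: bytes) -> dict:
    """Read the MZ/PE signatures, COFF header and section table using struct only."""
    if data[:2] != b"MZ":
        raise ValueError("file signature is not MZ")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found at e_lfanew")
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    section_table = e_lfanew + 4 + 20 + opt_size   # skip signature, COFF header, optional header
    sections = []
    for i in range(nsections):
        name, vsize, _, raw_size, raw_ptr, _, _, _, _, _ = struct.unpack_from("<8sIIIIIIHHI", data, section_table + 40 * i)
        raw = data[raw_ptr:raw_ptr + raw_size]
        sections.append({"name": name.rstrip(b"\0").decode("ascii", "replace"),
                         "virtual_size": vsize, "raw_size": raw_size,
                         "entropy": round(shannon_entropy(raw), 2)})
    return {"machine": hex(machine), "timestamp": timestamp,
            "compile_time": datetime.fromtimestamp(timestamp, tz=timezone.utc).isoformat(),
            "sections": sections}


def packing_indicators(pe: dict) -> list:
    """Heuristics only: each hit is a reason to look closer, not proof of packing."""
    hits = []
    for s in pe["sections"]:
        if s["name"] in PACKER_SECTION_NAMES:
            hits.append(f"packer section name {s['name']}")
        if s["entropy"] > 7.0:
            hits.append(f"high entropy {s['entropy']} in section {s['name']}")
        if s["virtual_size"] > 2 * max(s["raw_size"], 1):
            hits.append(f"section {s['name']} grows a lot in memory (unpacking stub?)")
    if pe["timestamp"] == 0 or pe["timestamp"] > datetime.now(timezone.utc).timestamp():
        hits.append("compile timestamp is zero or in the future (possibly forged)")
    return hits


def triage(data: bytes) -> dict:
    pe = parse_pe(data)
    return {"hashes": file_hashes(data), "pe": pe,
            "packing_indicators": packing_indicators(pe), "strings": extract_strings(data)}


def _deterministic_noise(n: int) -> bytes:
    """SHA-256 chain standing in for packed/encrypted section content (constructed)."""
    out, h = b"", b"seed"
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return out[:n]


def build_sample_pe() -> bytes:
    """Constructed 32-bit PE with a plain .text section and a noisy UPX1 section.
    SizeOfOptionalHeader is set to 0, so the optional header is simply absent."""
    text = b"Hello, this is a harmless string.\0" + b"\x90" * 222
    upx = _deterministic_noise(1024)
    opt_size, nsections = 0, 2
    text_ptr = 0x40 + 4 + 20 + opt_size + 40 * nsections
    upx_ptr = text_ptr + len(text)
    dos_header = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)            # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, nsections, 1577836800, 0, 0, opt_size, 0x0102)

    def section(name, body, vaddr, ptr, flags):
        return struct.pack("<8sIIIIIIHHI", name, len(body), vaddr, len(body), ptr, 0, 0, 0, 0, flags)

    return (dos_header + coff
            + section(b".text", text, 0x1000, text_ptr, 0x60000020)
            + section(b"UPX1", upx, 0x2000, upx_ptr, 0xE0000040)
            + text + upx)


if __name__ == "__main__":
    import json
    print(json.dumps(triage(build_sample_pe()), indent=2))
```

Run it on a real sample with `triage(open(path, "rb").read())`; the hashes are what you submit to a local or online scanner, and the compile time is only as trustworthy as the compiler that wrote it, which is why the forged-timestamp check is part of the heuristics.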

Dynamic Analysis:

  • System Baselining
  • Host Integrity Monitor
  • Installation Monitor
  • Process Monitor
  • File Monitor
  • Registry Analysis/Monitoring
  • Network Traffic Monitoring/Analysis
  • Port Monitor
  • DNS Monitoring/Resolution
  • Simulating Internet Services
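
System baselining and host integrity monitoring both come down to the same operation: snapshot the state of the host before the sample runs, snapshot it again afterwards, and diff. The following is an added example written for this page, not course material or a 7 Safe tool. It baselines a directory tree by file hash and then classifies every path as added, removed or modified; the directory contents and the "infection" are constructed inside the script so it runs offline. Registry monitoring would follow the same snapshot-and-diff pattern over keys and values, but is not shown here.

```python
import hashlib
import tempfile
from pathlib import Path


def snapshot(root) -> dict:
    """Map each file under root (relative POSIX path) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}


def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify paths as added, removed, or modified between two snapshots."""
    common = before.keys() & after.keys()
    return {
        "added": sorted(after.keys() - before.keys()),
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(k for k in common if before[k] != after[k]),
    }


def demo() -> dict:
    """Baseline a constructed directory, simulate a dropper's side effects, and diff."""
    with tempfile.TemporaryDirectory() as root:
        r = Path(root)
        (r / "config.ini").write_text("update=daily\n")
        (r / "app.exe").write_bytes(b"MZ-placeholder")
        (r / "logs").mkdir()
        (r / "logs" / "app.log").write_text("started\n")
        before = snapshot(r)

        # Constructed "infection": drop a DLL, tamper with config, delete the original binary.
        (r / "svchost_helper.dll").write_bytes(b"constructed payload")
        (r / "config.ini").write_text("update=never\n")
        (r / "app.exe").unlink()
        after = snapshot(r)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(kind, paths)
```

On a real analysis VM you would point `snapshot` at the system and profile directories (and persist the baseline outside the VM), detonate the sample, and diff; files the sample only touched in memory will not appear, which is why process and network monitoring run alongside the integrity check.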

Code Analysis:

  • Reverse Engineering Malicious Code
  • Identifying Malware Passwords
  • Bypassing Authentication

Malicious Document Analysis:

  • PDF and Microsoft Office Document Structures
  • PDF and Office Document Vulnerabilities
  • Malware Extraction and Analysis Tools
  • Analysis of Malicious Documents

Malware Challenges:

  • Virtual Environment
  • Live Internet Connection
  • Real, Fake, and Virtual Services
  • Anti-Debug and Anti-forensic Malware