Presentation is loading. Please wait.

Presentation is loading. Please wait.

Mastering Windows Network Forensics and Investigation Chapter 10: Introduction to Malware.

Published byNeal Stone Modified over 8 years ago

Similar presentations

Presentation on theme: "Mastering Windows Network Forensics and Investigation Chapter 10: Introduction to Malware."— Presentation transcript:

1 Mastering Windows Network Forensics and Investigation Chapter 10: Introduction to Malware

2 Chapter Topics: Use various tools to monitor and analyze malicious code Use network monitoring tools to observe malware traffic Create malware analysis toolkit

3 The Purpose of Malware Analysis Malware is a weapon used by hackers to exploit vulnerable systems and networks These “tools” must be analyzed to understand the intent of the intruders Gain understanding about the impact done to target system(s) Understand how the intruder thinks

4 Tools and Techniques Constructing an effective toolkit for malware analysis –Assign a dedicated system –Isolate dedicated systems used for analysis –Use tools that analyze samples at binary level –Use tools that can analyze run time behavior –Consider freely available Internet-based resources

5 Analyzing Malicious Code Examine binary executable –Extract ASCII strings to expose: File names Attributes Error/success messages Author’s name Email or IP addresses Dependent DLLs Tools –EnCase, Ftk, X-ways –Strings –BinText –Dependency Walker –VirusTotal

6 Analyzing Malicious Code Dynamic Analysis –Monitor behavior of malicious code while its running live Sandbox Virtual Machines –RAM Analysis Tools –Process Monitor –Process Explorer –Wireshark

Download ppt "Mastering Windows Network Forensics and Investigation Chapter 10: Introduction to Malware."

Similar presentations

Analyzing and Exploiting Network Behaviors of Malware Jose Andre Morales Areej Al-Bataineh Shouhuai XuRavi Sandhu SecureComm Singapore, 2010 ©2010 Institute.

Analyzing and Exploiting Network Behaviors of Malware Jose Andre Morales Areej Al-Bataineh Shouhuai XuRavi Sandhu SecureComm Singapore, 2010 ©2010 Institute.
Detection Scenarios ReconWeaponizationDeliverExploitationInstallationC2 Act on Objectives File File - Name URI – Domain Name URI – URL HTTP - GET HTTP.

Detection Scenarios ReconWeaponizationDeliverExploitationInstallationC2 Act on Objectives File File - Name URI – Domain Name URI – URL HTTP - GET HTTP.
Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.

Next Generation Endpoint Security Jason Brown Enterprise Solution Architect McAfee May 23, 2013.
An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.

An Introduction to Computer Forensics James L. Antonakos Professor Computer Science Department.
Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.

Secure web browsers, malicious hardware, and hardware support for binary translation Sam King.
McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.

McGraw-Hill/Irwin Copyright © 2013 by The McGraw-Hill Companies, Inc. All rights reserved. Extended Learning Module H Computer Crime and Digital Forensics.
Information Networking Security and Assurance Lab National Chung Cheng University Investigating Hacker Tools.

Information Networking Security and Assurance Lab National Chung Cheng University Investigating Hacker Tools.
Intrusion Detection Systems and Practices

Intrusion Detection Systems and Practices
Ragib Hasan Johns Hopkins University en.600.412 Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.

Ragib Hasan Johns Hopkins University en Spring 2011 Lecture 10 04/18/2011 Security and Privacy in Cloud Computing.
Information Networking Security and Assurance Lab National Chung Cheng University F.I.R.E. Forensics & Incident Response Environment.

Information Networking Security and Assurance Lab National Chung Cheng University F.I.R.E. Forensics & Incident Response Environment.
Defense Against the Dark Arts Defense Against The Dark Arts Christiaan Beek McAfee.

Defense Against the Dark Arts Defense Against The Dark Arts Christiaan Beek McAfee.
© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.

© 2012 IBM Corporation IBM Security Systems 1 © 2014 IBM Corporation IBM Security Network Protection (XGS) Advanced Threat Protection Integration Framework.
2004, Jei F.I.R.E. Forensics & Incident Response Environment Information Networking Security and Assurance Lab National Chung Cheng University.

2004, Jei F.I.R.E. Forensics & Incident Response Environment Information Networking Security and Assurance Lab National Chung Cheng University.
INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.

INTRUSION DETECTION SYSTEMS Tristan Walters Rayce West.
In-Band Detection of Virtual Machines Estefan Ortiz & Cory Hayes Computer Science and Engineering Graduate Operating Systems December 16, 2011 1.

In-Band Detection of Virtual Machines Estefan Ortiz & Cory Hayes Computer Science and Engineering Graduate Operating Systems December 16,
MIRAGE CPSC 620 Project By Neeraj Jain Hiranmayi Pai.

MIRAGE CPSC 620 Project By Neeraj Jain Hiranmayi Pai.
Hands-on: Capturing an Image with AccessData FTK Imager

Hands-on: Capturing an Image with AccessData FTK Imager
Towards Network Containment in Malware Analysis Systems Authors: Mariano Graziano, Corrado Leita, Davide Balzarotti Source: Annual Computer Security Applications.

Towards Network Containment in Malware Analysis Systems Authors: Mariano Graziano, Corrado Leita, Davide Balzarotti Source: Annual Computer Security Applications.
Www.SecurityXploded.com. Disclaimer The Content, Demonstration, Source Code and Programs presented here is AS IS without any warranty or conditions.

Disclaimer The Content, Demonstration, Source Code and Programs presented here is "AS IS" without any warranty or conditions.
13Computer Intrusions Dr. John P. Abraham Professor UTPA.

13Computer Intrusions Dr. John P. Abraham Professor UTPA.

Similar presentations

Ads by Google