Malware Incident Response Training

How To Master Malware Analysis

Course Notes

• Acquisition
  • Disk
  • Memory
  • Packet
  • Master File Table (MFT)
  • Change Logs
  • Volume Shadow Copies
  • Prefetch
  • Event lost
  • Data streams
  • Registry Hives
• Basic Stat Analysis – Strings
• Basic Stat Analysis – Windows Commands (APIs)
• Dynamic Analysis
• Static Analysis

Reference

• https://www.facebook.com/MaltrakTraining/
• https://www.youtube.com/watch?v=1nXWQVpRfCk

Books

• The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
  • https://www.amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098

Tools

• https://websploit.org/
• SFIT VM
  • https://digital-forensics.sans.org/community/downloads
• Flare VM
  • https://www.fireeye.com/services/freeware.html
• IDA Pro
  • https://www.hex-rays.com/products/ida/support/download_freeware/
  • https://reverseengineering.stackexchange.com/questions/1817/is-there-any-disassembler-to-rival-ida-pro
• Memory Acquisition
  • Redline
  • Dumpit
• Autopsy
• Plaso
• Volatility
  • https://github.com/volatilityfoundation/volatility
• Cuckoo Sandbox
• SANs Cheat sheets
  • https://www.sans.org/blog/4-cheat-sheets-for-malware-analysis/
  • https://www.sans.org/blog/the-ultimate-list-of-sans-cheat-sheets/
• Velociraptor
  • https://www.velocidex.com/
• Timesketch
  • https://timesketch.org/
• Kape