Department of Computing

Applications of Computing in Industry: Lecture

19 February
Noon, LT308 Huxley
 
Company: Detica

Title: Malware Analysis
Abstract:

Malware is becoming increasingly prevalent and sophisticated in its approach and ability to evade detection. Although forensic analysis techniques must be tailored to the specific devices and systems under investigation, malware typically has some level of commonality, particularly within the more prevalent commercial malware families. Consequently, some aspects of the investigative process can be applied on a more generalised basis as an initial method of triage and discovery.

An example of this type of triage process would likely focus on executable files, as this is typically how malware presents itself on a system, and start with the elimination of 'known good' files. Following this may be analysis of the areas of the disk and registry that allow programs to run at system start or at scheduled times or dates, particularly those which are installed to run under a particular user. This process may also include examination of specific areas of the system in which malware commonly resides or installs itself, such as the system32 or user folders. Unusual programs present in these areas, particularly when combined with some level of persistence, will warrant further investigation.

The benefits of this approach include swift identification of common malware based on traits that do not rely on pre-existing signatures. This is not intended to be, and cannot be, a catch-all process, but it can provide insight into characteristics indicative of malicious behaviour and focus an investigation on those assets likely to be of most interest.
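As an added illustration of the triage described in the abstract (example code written for this page, not material from the lecture or from Detica), the following Python script runs a constructed executable inventory through the three steps: known-good hash elimination, persistence checks, and common-location checks. The file contents, paths, persistence labels and scoring weights are all constructed assumptions.

```python
import hashlib
from dataclasses import dataclass

@dataclass
class FileRecord:
    path: str               # where the executable sits on the examined disk
    content: bytes          # file bytes (constructed here; a real tool reads them from the image)
    autostart: str = ""     # persistence location that references the file, if any
    per_user: bool = False  # persistence registered under one user rather than machine-wide

# Folders the abstract names as common malware locations (assumed path fragments).
COMMON_LOCATIONS = ("\\windows\\system32\\", "\\users\\")

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def triage(records, known_good):
    """Return (path, score, reasons) for files that survive known-good elimination, highest score first."""
    findings = []
    for r in records:
        if sha256(r.content) in known_good:
            continue  # step 1: eliminated, hash matches a trusted binary
        score, reasons = 0, []
        if r.autostart:  # step 2: persistence via run keys, services or scheduled tasks
            score += 2
            reasons.append(f"persists via {r.autostart}")
            if r.per_user:
                score += 1
                reasons.append("installed to run under a specific user")
        if any(loc in r.path.lower() for loc in COMMON_LOCATIONS):  # step 3: location
            score += 1
            reasons.append("sits in a folder malware commonly uses")
        if score:
            findings.append((r.path, score, reasons))
    return sorted(findings, key=lambda f: -f[1])

# Constructed inventory: two trusted binaries, two unknown files with persistence, one with no indicators.
KNOWN_GOOD = {sha256(b"trusted-binary-1"), sha256(b"trusted-binary-2")}
INVENTORY = [
    FileRecord(r"C:\Windows\System32\svchost.exe", b"trusted-binary-1", autostart="Service"),
    FileRecord(r"C:\Program Files\App\app.exe", b"trusted-binary-2"),
    FileRecord(r"C:\Windows\System32\updater.exe", b"unknown-1", autostart="Scheduled task"),
    FileRecord(r"C:\Users\alice\AppData\Roaming\sync.exe", b"unknown-2", autostart="HKCU Run key", per_user=True),
    FileRecord(r"C:\Temp\tool.exe", b"unknown-3"),
]

if __name__ == "__main__":
    for path, score, reasons in triage(INVENTORY, KNOWN_GOOD):
        print(score, path, "; ".join(reasons))
```

The two trusted files are eliminated by hash, the unknown file with no persistence and no notable location is dropped, and the remaining two surface with the per-user, user-folder case ranked highest, which is the prioritisation the abstract describes.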

Speaker Details: Kathryn
 
  • Approx. 6 years IT experience
  • Joined IT graduate scheme after BSc Hons
  • Moved into digital forensics 4 years ago, on traditional forensic cases
  • Completed MSc in Computer Forensics in 2010
  • Delivering malware analysis for 3 years
