There are many ways to investigate malware and to “find evil” in an unknown executable. There will be situations where looking at a list of running processes won’t give you enough information to raise a red flag. You can always go deeper and perform more manual analysis. Even though this might be fun, it can also be very time consuming, and we don’t always have the luxury of time or the resources.
Analysis of mutexes (sometimes called mutants) can be a good way to continue your analysis and find more evidence of “evil”.
Continue reading “Mutexes and malware analysis”
Microsoft recently released an updated version of the Sysinternals tools. This update includes a tool named sysmon. You can find all the details on the TechNet website by following this link: http://technet.microsoft.com/en-us/sysinternals/dn798348.aspx
In short, the tool provides detailed information about process creation, network connections, and changes to file creation time. As you can guess, this sounds like the perfect addition to your lab!
Continue reading “sysmon from sysinternals”
Jack Crook posted a new DFIR challenge a few days ago. Let’s have a look at the challenge and at my answers.
Obviously, if you want to enjoy the challenge, don’t read this article: go to the challenge page, download what’s necessary and have some fun first!
Continue reading “DFIR Challenge – ISSA 2013 – My Answers”