Computer Forensics World :: View topic - Malware analysis
Forum: Digital Forensics: Getting Started

tamilachi
Newbie
Joined: Jun 03, 2013
Posts: 5
Posted: Mon Jun 03, 2013 2:45 pm    Post subject: Malware analysis

Hi everyone.
I need help with my assignment.
I was given an executable file and need to do a forensic analysis on it.
I need suggestions about the tools to use and the process of the analysis to write the full forensic report.
I need this help from everyone.

PreferredUser
Newbie
Joined: Jan 01, 2007
Posts: 1130
Location: USA
Posted: Mon Jun 03, 2013 11:06 pm

You have not given nearly enough information for anyone to help.

You did not give information on:
- The level of the class (are you a beginner, is this Graduate studies???)
- The kind of class (forensics, a programming class???)
- What previous work have you done along these lines in class? Surely this is not completely new material?
- What tools have you used in class so far?
- What is the function of the executable? Is this malware analysis? Is this code disassembly?

And those items just brush the surface of what we would need to know to help.

tamilachi
Newbie
Joined: Jun 03, 2013
Posts: 5
Posted: Wed Jun 05, 2013 11:50 pm

Sorry I didn't provide enough information.
I'm currently doing my final semester (degree), specializing in computer security.
It's a forensics subject, not programming. Basically we learn about forensic tools: Helix, Autopsy, OS Forensics, Wireshark, Nmap, PE Explorer and more.
For this task, I didn't get enough information about the tools used and the process to find out the malware files and activities inside the EXE file.

The question is:
"In this assignment you are supposed to analyze the given sample of an executable malware file. Please take note that there is a possibility that the malware infects your machine as well, so it is suggested to only run it in a testing virtualized environment.
You need to compile a report with your analysis of the malware that includes:
- Description of your approach
- Description of the tools you used
- Description of the high-level working of the malware
- Description of how you tested this working
- Triage of your findings

In addition, your report should include your suggestion to the management of the company that was infected by this malware around:
- Containment
- Threats
- Any firewall / IDS rules that need to be created"

PreferredUser
Newbie
Joined: Jan 01, 2007
Posts: 1130
Location: USA
Posted: Thu Jun 06, 2013 3:30 am

So you have somewhat answered your own questions.

- You need to setup a virtualized environment
- You should benchmark the system before and after infection
- You should monitor the changes the malware makes to the system as it runs
- You should monitor the network traffic the malware generates

From there you will be able to deduce the suggestions to management.
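
The four steps PreferredUser lists above (a virtualized lab, a benchmark before and after infection, monitoring of changes, monitoring of network traffic) boil down to baseline-and-diff. The script below is an added example, not code from this thread or from any of its posters: it snapshots a directory tree and a list of listening sockets, takes a second snapshot after a simulated detonation, and reports what changed. The directory layout, file contents, the fake dropper and the netstat-style lines are all constructed for the demo (203.0.113.0/24 is a documentation address range); on a real analysis VM you would point snapshot_tree() at the system drive and feed listening_sockets() the output of `netstat -ano` on Windows or an equivalent listing.

```python
"""Baseline-and-diff helper for a malware detonation lab (added example)."""
import hashlib
import os
import re
import tempfile
from pathlib import Path


def snapshot_tree(root):
    """Map every regular file under root (path relative to root) to (size, sha256)."""
    root = Path(root)
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = Path(dirpath) / name
            try:
                data = path.read_bytes()
            except OSError:
                continue  # locked or vanished file: skip it rather than abort the sweep
            snap[path.relative_to(root).as_posix()] = (len(data), hashlib.sha256(data).hexdigest())
    return snap


def diff_snapshots(before, after):
    """Classify paths as added, removed or modified between two snapshots."""
    common = set(before) & set(after)
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in common if before[p] != after[p]),
    }


# One `netstat -ano` line: proto, local addr:port, remote addr, optional state, PID.
# TCP lines carry a state column (LISTENING, ESTABLISHED, ...); UDP lines do not.
_NETSTAT_RE = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+\S+\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")


def listening_sockets(netstat_lines):
    """Return {(proto, local_port): pid} for every socket that accepts inbound traffic."""
    listeners = {}
    for line in netstat_lines:
        m = _NETSTAT_RE.match(line)
        if not m:
            continue  # header lines and anything else that is not a socket row
        proto, port, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # outbound/established connections are not new listening surface
        listeners[(proto, int(port))] = int(pid)
    return listeners


def new_listeners(before_lines, after_lines):
    """Sockets present after detonation that were absent from the baseline: [(proto, port, pid)]."""
    before = listening_sockets(before_lines)
    after = listening_sockets(after_lines)
    return sorted((proto, port, pid) for (proto, port), pid in after.items() if (proto, port) not in before)


def demo():
    """Construct a toy lab state, 'detonate', and return (filesystem diff, new listeners)."""
    with tempfile.TemporaryDirectory() as tmp:
        lab = Path(tmp)
        hosts = lab / "Windows" / "System32" / "drivers" / "etc" / "hosts"
        hosts.parent.mkdir(parents=True)
        hosts.write_text("127.0.0.1 localhost\n")
        user = lab / "Users" / "victim"
        user.mkdir(parents=True)
        (user / "notes.txt").write_text("quarterly numbers\n")
        before_fs = snapshot_tree(lab)

        # Simulated detonation (constructed, not a real sample): the dropper copies
        # itself under the user profile, adds a persistence script, poisons the hosts
        # file to block an update server, and deletes a document.
        (user / "svchost.exe").write_bytes(b"MZ" + b"\x90" * 64)
        (user / "run.vbs").write_text('WScript.Echo "persist"\n')
        hosts.write_text("127.0.0.1 localhost\n0.0.0.0 update.av-vendor.example\n")
        (user / "notes.txt").unlink()
        after_fs = snapshot_tree(lab)

    # Constructed `netstat -ano` output before and after running the sample.
    before_net = [
        "  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812",
        "  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4",
        "  TCP    192.168.56.101:49700   203.0.113.5:443        ESTABLISHED     2412",
        "  UDP    0.0.0.0:5353           *:*                                    1304",
    ]
    after_net = before_net + [
        "  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3120",
        "  TCP    192.168.56.101:49710   203.0.113.77:8080      ESTABLISHED     3120",
    ]
    return diff_snapshots(before_fs, after_fs), new_listeners(before_net, after_net)


if __name__ == "__main__":
    fs_diff, listeners = demo()
    for kind, paths in fs_diff.items():
        print(f"{kind}: {paths}")
    print("new listeners:", listeners)
```

Two caveats a grader will look for in the report: a hash diff taken from inside the running guest can be defeated by a sample that hides files or hooks the API, so take the "after" snapshot from the powered-off disk image (mounted read-only from the host) and compare it with the in-guest view; and the new listener on port 4444 plus the fresh outbound connection from the same PID are exactly the facts the firewall/IDS rule section of the assignment should be built on, so keep the raw netstat and packet capture as evidence rather than only the diff.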

tamilachi
Newbie
Joined: Jun 03, 2013
Posts: 5
Posted: Thu Jun 06, 2013 4:12 am

Please suggest the perfect tools for it.

cybercop
Newbie
Joined: Nov 01, 2005
Posts: 551
Location: Marion, Indiana, USA
Posted: Thu Jun 06, 2013 5:01 am

If you are in your last term and don't know how to set up a virtual machine, benchmark it, monitor for changes, and monitor network traffic, then you need to ask the university for a refund. These are very basic things that you should have learned long before now. None actually involve any specific forensics tools.