DIGITAL FORENSICS
Malware Analysis
To have answers, you just need to know how to read them
>_ What to expect
The service involves a thorough examination of a piece of software to understand its behavior in detail and determine the damage it can cause.
This activity is essential for determining the extent of a computer security incident once the initial response phase is complete.
>_ Operational Modes
- Malware Sample Collection: the first phase consists of collecting the malware itself. Samples can be obtained from sources such as suspicious emails, infected websites, or compromised systems.
- Dynamic and Behavioral Analysis: in this phase the malware is executed in a controlled environment, known as a sandbox, to observe its behavior in real time.
- Static Analysis: the malware's binary code is analyzed without executing it, to identify its functionality and generate potential indicators of compromise (IOCs).
- Report Generation: at the end of the analysis, a technical report is produced describing the evidence collected, which is useful for understanding the risk the client faced in the event of an actual infection.
EXTRACTION
Sample Acquisition
Search and extraction of the sample from volatile memory or the file system.
SANDBOX
Dynamic Analysis
Filesystem interactions, network connections, system calls, and similar runtime behavior.
REVERSE ENGINEERING
Static Analysis
Reverse engineering of functions and creation of indicators of compromise (IOCs).
REPORT
Description
Detailed description of the software and its level of danger, with recommendations for prevention and removal.