2. CONTENTS
WHAT IS MALWARE & WHAT CAN MALWARE DO?
TYPES OF MALWARE
FROM MALWARE ANALYSIS TO MALWARE FORENSICS
MALWARE FORENSIC
SYMPTOMS OF INFECTED SYSTEMS
PROCEDURE/INVESTIGATIVE APPROACH: STATIC & DYNAMIC ANALYSIS
MALWARE ANALYSIS TOOLS
KEY DIFFERENCE BETWEEN STATIC & DYNAMIC
THE CONCLUSION
3. WHAT IS MALWARE & WHAT CAN MALWARE DO?
Malware, or malicious software, is any program or code written to harm a system, its data or its users without their informed consent. It can arrive as a compiled executable, a script, a macro, a library, or a component hidden inside otherwise legitimate software.
Depending on its type, it can steal or destroy data, give an attacker control of the machine, spread to other hosts, or hide the attacker's presence.
5. From Malware Analysis To Malware Forensics
Malware analysis is the practice of determining the functionality, source and possible impact of a given malware sample, such as a virus, worm, Trojan horse, rootkit or backdoor.
Because its results feed incident response, attribution and sometimes legal proceedings, the result of malware analysis must be accurate and reproducible.
As a result, malware analysis has become a forensic discipline.
6. MALWARE FORENSIC
Malware forensics is the process of finding, analysing and investigating the properties of a malware sample in order to identify the culprits and the reason for the attack.
It includes tasks such as examining the malicious code, determining its point of entry, its method of propagation, its impact on the system, the ports it tries to use, and so on.
The investigation proceeds in stages:
Detection (1st step)
Static analysis
Dynamic analysis
11. KEY DIFFERENCE
STATIC MALWARE ANALYSIS
Static analysis is signature- and structure-based: hashes, strings, headers, imports and disassembly are compared with what is already known.
The code is not executed during static analysis.
Static analysis is comparatively simple: it examines the file itself to infer what the malware is capable of, rather than observing what it actually does.
Static analysis works for common, known malware; packing, encryption and obfuscation defeat it, because the interesting code and strings are not visible until runtime.
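The following is an added example, not code from the slides: a static triage script that never executes the sample. It computes the hashes compared against known-bad lists, measures byte entropy as a packing hint, extracts printable strings and sorts them into indicator classes (URLs, DLL names, suspicious API imports, autostart registry paths), and follows the DOS header to check for a PE signature. The two inputs are constructed byte blobs, not real binaries: one unpacked, PE-shaped blob carrying clear-text indicators (the URL and domain are hypothetical), and one "packed" blob whose body is a deterministic SHA-256 chain standing in for an encrypted section. The API watchlist is deliberately short.

```python
"""Static triage of a suspicious file without executing it.

Added example (not from the slides): hashes, byte entropy as a packing
hint, printable strings, and the indicators those strings reveal.
Standard library only.
"""
import hashlib
import json
import math
import re
import struct
from collections import Counter

# Constructed sample, not a real binary: a PE-shaped blob whose DOS header
# points (e_lfanew at 0x3C) to a "PE\0\0" signature, followed by the kind
# of API names, URL and registry path an unpacked dropper carries in clear.
_DOS_STUB = b"This program cannot be run in DOS mode.\r\n$"
SAMPLE_BYTES = (
    b"MZ\x90\x00" + b"\x00" * 56              # DOS header up to offset 0x3C
    + struct.pack("<I", 0x80)                  # e_lfanew -> PE header at 0x80
    + _DOS_STUB + b"\x00" * (0x80 - 64 - len(_DOS_STUB))
    + b"PE\x00\x00"
    + b"KERNEL32.dll\x00CreateRemoteThread\x00WriteProcessMemory\x00"
    + b"WININET.dll\x00InternetOpenUrlA\x00"
    + b"http://update.example-cdn.test/payload.bin\x00"   # hypothetical C2 URL
    + b"Software\\Microsoft\\Windows\\CurrentVersion\\Run\x00"
    + b"\x00" * 200
)


def _pseudo_random(n, seed=b"packed-sample"):
    """Deterministic high-entropy bytes (a SHA-256 chain) standing in for a
    packed or encrypted section; real packers produce similar statistics."""
    out, h = bytearray(), seed
    while len(out) < n:
        h = hashlib.sha256(h).digest()
        out += h
    return bytes(out[:n])


PACKED_BYTES = b"MZ" + _pseudo_random(4094)   # constructed "packed" sample

# Small, illustrative list; real triage uses far longer import watchlists.
SUSPICIOUS_APIS = {
    "CreateRemoteThread", "WriteProcessMemory", "VirtualAllocEx",
    "InternetOpenUrlA", "URLDownloadToFileA", "SetWindowsHookExA",
}
URL_RE = re.compile(r"https?://[\w.\-/]+")


def file_hashes(data):
    """MD5/SHA-1/SHA-256: the first thing compared against known-bad lists."""
    return {name: hashlib.new(name, data).hexdigest()
            for name in ("md5", "sha1", "sha256")}


def shannon_entropy(data):
    """Bits per byte, 0..8. Plain code and text sit well below 7;
    packed or encrypted payloads approach 8."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def looks_like_pe(data):
    """Follow the DOS header's e_lfanew and check for the PE signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    return data[e_lfanew:e_lfanew + 4] == b"PE\x00\x00"


def extract_strings(data, min_len=6):
    """Runs of printable ASCII, like the `strings` utility."""
    return [s.decode("ascii")
            for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]


def classify_strings(strings):
    """Sort strings into the indicator classes an analyst looks for."""
    ind = {"urls": [], "dlls": [], "suspicious_apis": [], "persistence": []}
    for s in strings:
        if URL_RE.search(s):
            ind["urls"].append(s)
        elif s.lower().endswith(".dll"):
            ind["dlls"].append(s)
        elif s in SUSPICIOUS_APIS:
            ind["suspicious_apis"].append(s)
        elif "currentversion\\run" in s.lower():
            ind["persistence"].append(s)
    return ind


def static_triage(data):
    """Combine the checks into one report; nothing here runs the sample."""
    ent = shannon_entropy(data)
    return {
        "size": len(data),
        "hashes": file_hashes(data),
        "pe_header": looks_like_pe(data),
        "entropy": round(ent, 2),
        "likely_packed": ent > 7.0,      # high entropy: expect little from strings
        "indicators": classify_strings(extract_strings(data)),
    }


if __name__ == "__main__":
    for label, blob in (("unpacked", SAMPLE_BYTES), ("packed", PACKED_BYTES)):
        print(label, json.dumps(static_triage(blob), indent=2))
```

The contrast between the two reports is the point of the slide: the unpacked blob yields a URL, an autostart key and process-injection APIs without running anything, while the packed blob yields a valid hash and a high entropy value and almost nothing else. That is the signal to move on to dynamic analysis, where the sample unpacks itself.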
DYNAMIC MALWARE ANALYSIS
Dynamic analysis is behaviour-based.
The malware code is run in a sandbox environment, isolated from production systems, and every action it takes is recorded.
Dynamic analysis performs a more thorough analysis of the actions, the functionality and the impact of the malware, with the analyst studying it at each phase of its deployment and execution.
Dynamic analysis, being behaviour-based, is needed for more sophisticated and advanced malware (packed, obfuscated or polymorphic samples that static analysis cannot read). Note that some malware detects sandboxes and stays dormant, so a clean run is evidence, not proof, that a sample is harmless.
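The following is an added example, not code from the slides: the analysis step that follows a sandbox run. It reads the events a sandbox recorded while the sample executed and turns them into the findings a forensic report needs: autostart persistence, a file the sample dropped and then started, beaconing to one endpoint at a steady interval, the domains looked up and the ports it tried to use. The trace is constructed (one event per line in an invented format, not the output of any real sandbox), and the paths, domain and 203.0.113.77 address are hypothetical.

```python
"""Behaviour-based analysis of a sandbox trace.

Added example (not from the slides): reads the events a sandbox recorded
while the sample ran and turns them into findings and a verdict.
"""
import re
import statistics
from collections import defaultdict

# Constructed trace, not output from any real sandbox. One event per line:
#   <seconds since start> <pid> <event type> key=value ...
# Paths, the domain and the 203.0.113.77 address are hypothetical.
SANDBOX_TRACE = r"""
0.00 1204 process_start parent=0 image=C:\Users\lab\Desktop\invoice.exe
0.12 1204 file_write path=C:\Users\lab\AppData\Roaming\svchost.exe
0.15 1204 registry_set key=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\Updater value=C:\Users\lab\AppData\Roaming\svchost.exe
0.20 2440 process_start parent=1204 image=C:\Users\lab\AppData\Roaming\svchost.exe
0.31 2440 dns_query name=update.example-cdn.test
0.35 2440 tcp_connect dst=203.0.113.77:443
30.40 2440 tcp_connect dst=203.0.113.77:443
60.42 2440 tcp_connect dst=203.0.113.77:443
90.44 2440 tcp_connect dst=203.0.113.77:443
"""

EVENT_RE = re.compile(r"^(?P<ts>\d+\.\d+) (?P<pid>\d+) (?P<kind>\w+) (?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_trace(text):
    """Turn trace lines into dicts; lines that are not events are skipped."""
    events = []
    for line in text.splitlines():
        m = EVENT_RE.match(line)
        if not m:
            continue
        ev = {"ts": float(m["ts"]), "pid": int(m["pid"]), "kind": m["kind"]}
        ev.update(KV_RE.findall(m["rest"]))
        events.append(ev)
    return events


def find_persistence(events):
    """Autostart registry writes: the sample wants to survive a reboot."""
    return [e["key"] for e in events
            if e["kind"] == "registry_set"
            and "\\currentversion\\run" in e.get("key", "").lower()]


def find_drop_and_execute(events):
    """A file the sample wrote and later started: a second-stage payload."""
    written, hits = {}, []
    for e in events:
        if e["kind"] == "file_write":
            written.setdefault(e["path"].lower(), e["ts"])
        elif e["kind"] == "process_start":
            image = e["image"]
            if image.lower() in written and e["ts"] >= written[image.lower()]:
                hits.append(image)
    return hits


def find_beacons(events, min_connections=3, max_jitter=0.2):
    """Repeated connections to one endpoint at a steady interval: C2 beaconing.
    Returns {dst: mean interval in seconds}."""
    times = defaultdict(list)
    for e in events:
        if e["kind"] == "tcp_connect":
            times[e["dst"]].append(e["ts"])
    beacons = {}
    for dst, ts in times.items():
        if len(ts) < min_connections:
            continue
        gaps = [b - a for a, b in zip(ts, ts[1:])]
        mean = statistics.mean(gaps)
        if mean > 0 and statistics.pstdev(gaps) / mean <= max_jitter:
            beacons[dst] = round(mean, 1)
    return beacons


def contacted_ports(events):
    """The ports the sample tried to use, for firewall and IDS rules."""
    return sorted({int(e["dst"].rsplit(":", 1)[1])
                   for e in events if e["kind"] == "tcp_connect"})


def analyze_trace(text):
    """Assemble findings and a verdict from the behaviours observed."""
    events = parse_trace(text)
    findings = {
        "persistence": find_persistence(events),
        "drop_and_execute": find_drop_and_execute(events),
        "beacons": find_beacons(events),
        "dns": sorted({e["name"] for e in events if e["kind"] == "dns_query"}),
        "ports": contacted_ports(events),
    }
    score = sum(1 for k in ("persistence", "drop_and_execute", "beacons") if findings[k])
    findings["verdict"] = ("malicious" if score >= 2
                           else "suspicious" if score == 1 else "no verdict")
    return findings


if __name__ == "__main__":
    for k, v in analyze_trace(SANDBOX_TRACE).items():
        print(f"{k:17} {v}")
```

Every finding here comes from what the sample did, not from what its bytes look like, which is why this works on a packed sample too. The weakest verdict is deliberately "no verdict" rather than "benign": a sample that detected the sandbox and slept would produce an empty trace, and an empty trace proves nothing.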
12. The conclusion
Malware analysis is of utmost importance, since it helps us understand an infection and stop the malware from spreading to other systems, files and directories.
Static and dynamic analysis complement each other: together they give a better understanding of a sample and how it functions, and they help us prevent further attacks effectively.