Malware is one of the most prevalent and most insidious forms of cyber attack. Identifying and eliminating it is critical to minimizing the impact of a breach. As a cybersecurity incident responder, I always end up performing some level of malicious file analysis. In this blog, I'll share some recommended approaches that have worked for our Incident Response team.

Time is rarely on our side when it comes to deep analysis of a potentially malicious file. Reverse engineering a file can take weeks or months to complete and takes a level of skill which few individuals maintain.

We need to develop indicators of compromise quickly so that we can complete the identification phase of the incident response process. With an understanding of how to develop those indicators ourselves, we can execute a response plan without needing to wait on full analysis.

Lenny Zeltser groups malware analysis into four stages. Starting from the easiest to use, fully-automated analysis, we move up into static property analysis, then to interactive behavior analysis, and finally into full manual code reversing. Many of you likely have experience using fully-automated analysis provided by tools such as ThreatGrid. These types of tools provide quick answers, but little in the way of interaction by the analyst. They are easy to use and certainly should be part of the incident responder's toolkit.

[Figure: Four Stages of Malware Analysis by Lenny Zeltser]

Sometimes, though, we need to do a little more analysis on a suspicious file. While performing an incident response engagement, we really have to focus on efficiency and effectiveness. The goal of the incident response process is determining root cause and impact to ultimately succeed in recovery.
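The static property analysis stage mentioned above is where a responder can produce usable indicators in minutes rather than waiting on a full reversing effort. The script below is an added example, not code from the original post or from any tool it names: it computes file hashes, identifies the file type from its magic bytes, measures Shannon entropy as a packing hint, pulls printable ASCII and UTF-16LE strings, and buckets URLs, IPv4 addresses and Windows paths found in those strings as candidate IOCs. The input file is constructed inline and is not real malware; the `7.0` entropy threshold is a common rule of thumb, not a hard rule.

```python
"""Static-property triage of a suspicious file (added example, not from the original post).

Covers the 'static properties' stage: hashes, file-type magic, Shannon entropy
as a packing hint, printable ASCII/UTF-16LE strings, and network/host indicators
harvested from those strings. The sample file is constructed for the demo.
"""
import hashlib
import math
import re
from collections import Counter

MAGIC_SIGNATURES = [  # (leading bytes, human-readable type)
    (b"MZ", "PE/DOS executable"),
    (b"\x7fELF", "ELF executable"),
    (b"%PDF", "PDF document"),
    (b"PK\x03\x04", "ZIP archive / OOXML document"),
    (b"\xd0\xcf\x11\xe0", "OLE2 compound document (legacy Office)"),
]

# Indicator patterns applied to extracted strings (kept conservative on purpose).
INDICATOR_PATTERNS = {
    "url": re.compile(r"https?://[^\s\"'<>]+"),
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "windows_path": re.compile(r"[A-Za-z]:\\[^\s\"'<>]+"),
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for a constant buffer, 8.0 for uniformly random bytes."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def detect_file_type(data: bytes) -> str:
    """Identify the container by its leading magic bytes."""
    for sig, name in MAGIC_SIGNATURES:
        if data.startswith(sig):
            return name
    return "unknown"


def extract_strings(data: bytes, min_len: int = 6) -> list:
    """Printable ASCII runs plus UTF-16LE runs (common in Windows binaries)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    utf16_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    found += [m.group().decode("utf-16le") for m in utf16_re.finditer(data)]
    return found


def harvest_indicators(strings: list) -> dict:
    """Bucket candidate IOCs by type; returns sorted, de-duplicated lists."""
    buckets = {name: set() for name in INDICATOR_PATTERNS}
    for s in strings:
        for name, pattern in INDICATOR_PATTERNS.items():
            buckets[name].update(pattern.findall(s))
    return {name: sorted(vals) for name, vals in buckets.items()}


def static_properties(data: bytes, min_len: int = 6) -> dict:
    """One-shot static triage report for a file's bytes."""
    strings = extract_strings(data, min_len)
    entropy = shannon_entropy(data)
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "file_type": detect_file_type(data),
        "entropy": round(entropy, 3),
        # Rule of thumb (assumption): whole-file entropy above ~7.0 suggests packing/encryption.
        "likely_packed_or_encrypted": entropy > 7.0,
        "string_count": len(strings),
        "indicators": harvest_indicators(strings),
    }


def build_sample() -> bytes:
    """Constructed stand-in for a suspicious file; not real malware."""
    body = b"MZ" + b"\x90" * 62
    body += b"This program cannot be run in DOS mode.\x00"
    body += b"http://update-check.example/payload.bin\x00\x00"
    body += "C:\\Users\\Public\\svc.exe".encode("utf-16le") + b"\x00\x00"
    body += b"connect 10.0.0.5\x00"
    # Deterministic high-entropy tail, standing in for a packed section.
    chunk = hashlib.sha256(b"seed").digest()
    tail = b""
    for _ in range(16):
        chunk = hashlib.sha256(chunk).digest()
        tail += chunk
    return body + tail


if __name__ == "__main__":
    import json
    print(json.dumps(static_properties(build_sample()), indent=2))
```

Point `static_properties()` at the bytes of a real file (`open(path, "rb").read()`) to triage it; the hashes feed blocklists and retro-hunts immediately, while the harvested URLs, addresses and paths are leads to confirm, not verdicts, since strings can be planted or encoded. The entropy of the constructed sample is dominated by its pseudo-random tail, which is why the same per-section check is worth running on a real binary before trusting the whole-file number.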