I'm working on a cheatsheet on how to handle a suspicion of malware on a smartphone (in a company). So I'm looking for the main steps we need to take, and a few commands which could help for most investigations.
I'm perfectly aware it depends a lot on the context, the smartphone platform and the tool I have at the moment, but I only want a baseline/cheatsheet like SANS (https://
A few references I found:
+ Incident response for the mobile enterprise, 2007
http//
+ Guidelines on Cell Phone Forensics, 2007
http//
+ Guidelines on PDA Forensics, 2004
http//
+ Cell Phone Forensic Tools: An Overview and Analysis, 2005
http//
+ Forums
http//
http://www.forensicfocus.com/mobile-forensics-forum
For example, the preparation step contains: ensure an appropriate tool and process exist, and have a defined process for the helpdesk to "seal" the phone.
Identification treats general malware effects which could help to detect it.
And so on.
I'm looking more at the investigation stuff, but if you have advice for the whole process, I'm also interested.
Thanks a lot
Cheers