Hi everyone!
This is my first post on this forum, so please be understanding 🙂
My team is working on the malware analysis process. During testing, we encountered a problem with exporting a malicious file. The .exe file was recovered from a wiped USB device using EnCase. However, when we try to export it in one way or another (for example, with FTK Imager), our antivirus automatically detects the malware and removes it (which makes sense of course). Do you know of any way to safely export the file preferably to a zip archive, bypassing the cache in which the file can be detected by the antivirus?
Of course, we want to avoid the possibility of infecting our workstations. In the future we will have virtual machines available for this purpose, but at the moment we have to deal with it without them.
We have EnCase, Axiom, FTK Imager, WSL with the Ubuntu distro installed, and a few other tools at our disposal. I thought about some EnScript, but I couldn't find any in the official repository that meets our requirements.
Any ideas will be appreciated, thanks!
K
First of all, I seriously doubt you recovered a ".exe" file, or any file, from a wiped USB device by using EnCase. Wiping has a very specific meaning. I'm guessing you meant deleted.
The simplest thing to do is to turn off your virus scanner. Malware needs to be executed to infect, simply copying or zipping the file is perfectly safe.
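As an added illustration of the "zip it, don't run it" point above (example code, not from either poster): a small Python script, assumed to be run from the WSL Ubuntu install the question mentions, that packages a recovered sample into a zip under a neutral hash-based name together with a manifest, and verifies the round trip by SHA-256. The sample bytes here are a constructed stand-in for the exported file.

```python
import hashlib
import io
import zipfile

# Constructed stand-in for the recovered sample: a fake "MZ" header plus filler.
# In real use this would be the bytes exported from EnCase / FTK Imager.
SAMPLE_BYTES = b"MZ" + b"\x90" * 62 + b"PE\x00\x00" + b"\x00" * 128


def sha256_hex(data: bytes) -> str:
    """Hex SHA-256 of the raw bytes, used as the evidence identifier."""
    return hashlib.sha256(data).hexdigest()


def package_sample(data: bytes, original_name: str) -> tuple[bytes, str]:
    """Build the zip entirely in memory and return (zip_bytes, sha256).

    The sample is stored under a neutral '<sha256>.bin' name so no '.exe'
    is ever written to the host filesystem; the manifest keeps the original
    name and size for the case record.
    """
    digest = sha256_hex(data)
    stored_name = f"{digest}.bin"
    manifest = (
        f"original_name={original_name}\n"
        f"stored_name={stored_name}\n"
        f"sha256={digest}\n"
        f"size={len(data)}\n"
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(stored_name, data)
        zf.writestr("MANIFEST.txt", manifest)
    return buf.getvalue(), digest


def verify_package(zip_bytes: bytes) -> bool:
    """Re-open the archive and check the stored sample against its manifest."""
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        lines = zf.read("MANIFEST.txt").decode().splitlines()
        manifest = dict(line.split("=", 1) for line in lines)
        data = zf.read(manifest["stored_name"])
    return sha256_hex(data) == manifest["sha256"] and len(data) == int(manifest["size"])


if __name__ == "__main__":
    archive, digest = package_sample(SAMPLE_BYTES, "recovered.exe")
    print(f"sha256={digest} verified={verify_package(archive)}")
```

Nothing in the script executes the sample; it only reads and re-writes bytes, which is exactly why the copy step itself is safe.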