Malware Analysis and Reverse Engineering

12 Posts
10 Users
0 Likes
332 Views
noahb2868
(@noahb2868)
Posts: 50
Trusted Member
Topic starter
 

All,
I am starting to learn and I am putting together a service offering for my company showing that I/We (My Group) can do malware forensics. I was wondering if anyone out there has any ideas on books, training or information for someone just starting to look at this. I have been searching the internet, but find too many articles from early 2000. I am sure stuff has changed a little. Anything would be greatly appreciated.

Thanks,
Noah

 
Posted : 06/08/2008 2:45 am
(@kpryor)
Posts: 68
Trusted Member
 

Malware Forensics: Investigating and Analyzing Malicious Code came out recently. I don't have it yet, but I hear it's good. You can find it at http://tinyurl.com/6rsny5

 
Posted : 06/08/2008 8:07 am
(@bithead)
Posts: 1206
Noble Member
 

There is the ever popular Windows Forensic Analysis Including DVD Toolkit (ISBN-10 159749156X), Chapters 6 & 7.

Are you going at this from the programming side or the detection side or what? What is your definition of "malware forensics"?

 
Posted : 06/08/2008 7:09 pm
noahb2868
(@noahb2868)
Posts: 50
Trusted Member
Topic starter
 

I am going at this from a detection and analysis side. I can understand what the code is trying to do at a beginner level. My definition of Malware forensics would be finding the "malicious software or code" on a machine and analyzing how it got there and by whom. I am sure there is more, but again I am at the beginning stages of learning about this.

 
Posted : 06/08/2008 9:32 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

Noah,

Once you find the malware on a system, determining the infection vector can be relatively straightforward. In most cases, spyware and malware gets on a system via a limited number of vectors, and if you scan an image with AV, all you need to do is check the AV vendor's description of the malware propagation method, and then verify it.

 
Posted : 07/08/2008 3:12 am
kleanchap
(@kleanchap)
Posts: 19
Active Member
 

I have been stung by rootkits at least about 3 times in the past 5 months. The only recourse was to reinstall Windows. Having said that, my main question is,

What benefits are there from analyzing malware?

I am trying to understand the business benefit for the customer who is hiring someone to perform malware forensics. If all the data is lost, then it is purely forensics to prosecute the offending party.

By no means am I discouraging the original poster with his business venture. I am trying to understand the business benefit from such an analysis.

Wish you all the best on the business venture.

Thanks to anyone who can enlighten an ignorant person like me. :-)

 
Posted : 07/08/2008 10:37 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

> What benefits are there from analyzing malware?

It depends on what the customer wants. I've been asked in the past to examine malware to determine if it had networking capabilities, and in another instance to attempt to determine if the malware was specifically targeting files or data on the customer's network/systems.

Due to state notification laws for PII, as well as compliance enforcement regarding PCI (Visa PCI) and PHI (HIPAA), many organizations now want to know if, when they were infected, was any data taken from systems. So, questions generally tend to trend to things along those lines.

 
Posted : 08/08/2008 12:39 am
(@spawn)
Posts: 34
Eminent Member
 

Getting back to the original question, I would recommend the following books.

The Art of Computer Virus Research and Defense (Symantec Press) (Paperback) - ISBN-13 978-0321304544

Hacker Disassembling Uncovered: Powerful Techniques To Safeguard Your Programming (Paperback) - ISBN-13 978-1931769228

and not forgetting

Microsoft Windows Internals (4th Edition): Microsoft Windows Server 2003, Windows XP, and Windows 2000 (Hardcover) - ISBN-13 978-0735619173

If only these had been around when I started… even so I still own copies now.

I'm sure someone will be able to chip in with *nix variants.

 
Posted : 06/10/2008 5:15 am
(@echo6)
Posts: 87
Trusted Member
 

> I'm sure someone will be able to chip in with *nix variants.

UNIX Forensic Analysis: http://www.amazon.com/UNIX-Linux-Forensic-Analysis-Toolkit/dp/1597492698/ref=sr_1_1?ie=UTF8&s=books&qid=1224625777&sr=8-11

Other books I would consider would be the following:
Rootkits by Greg Hoglund and James Butler: http://www.amazon.com/Rootkits-Subverting-Addison-Wesley-Software-Security/dp/0321294319/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1224625867&sr=8-1
Hacking: The Art of Exploitation: http://www.amazon.com/Hacking-Art-Exploitation-Jon-Erickson/dp/1593271441/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1224625842&sr=8-1
The Shellcoder's Handbook: http://www.amazon.com/Shellcoders-Handbook-Discovering-Exploiting-Security/dp/047008023X/ref=pd_bbs_sr_1?ie=UTF8&s=books&qid=1224625808&sr=8-1

 
Posted : 22/10/2008 2:51 am
(@farmerdude)
Posts: 242
Estimable Member
 

I would have to disagree with Jon and _not_ recommend UNIX Forensic Analysis. I don't think too many folks after reading it would be able to do malware analysis or identify rootkits on *nix systems.

George Carlin is infamous for saying … "Opinions are like _ _ _ _ _ _ _ _, we all have them and they all stink".

😉

Cheers!

farmerdude

www.forensicbootcd.com

www.onlineforensictraining.com

 
Posted : 27/10/2008 4:08 pm
Page 1 / 2