Malware Analysis

Malware analysis and reverse engineering are up there as a favorite alongside computer forensics. I am not sure whether it is the investigative approach to malware analysis – finding out how these bad programs work – or the opportunity to hone my assembly programming skills.

Tools

  • RECmd – RECmd is the command line component of Registry Explorer and opens up a remarkable capability to script and automate registry data collection. It is a useful tool for finding registry-based malware persistence.
  • Timeline Explorer – a program that started out as a means to view mactime and Plaso generated CSV timelines without the need to use Excel. From these two formats, it has expanded into a tool that supports a wide variety of file formats generated by forensic tools in addition to any random CSV or Excel file you may run across.
  • ApateDNS – A must when undertaking dynamic memory analysis. This tool is perfect for controlling DNS responses through an easy-to-use GUI.
  • FLARE VM – FLARE VM is a Windows-based security distribution for malware analysis, incident response, and penetration testing.