Skip to main content
Lessons Learned from an Investigation into the Analysis Avoidance Techniques of Malicious Software
Australian Digital Forensics Conference
  • Murray Brand, Edith Cowan University
  • Craig Valli, Edith Cowan University
  • Andrew Woodward, Edith Cowan University
Publication Date
Document Type
Conference Proceeding
School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
This paper outlines a number of key lessons learned from an investigation into the techniques malicious executable software can employ to hinder digital forensic examination. Malware signature detection has been recognised by researchers to be far less than ideal. Thus, the forensic analyst may be required to manually analyse suspicious files. However, in order to hinder the forensic analyst, hide its true intent and to avoid detection, modern malware can be wrapped with packers or protectors, and layered with a plethora of antianalysis techniques. This necessitates the forensic analyst to develop static and dynamic analysis skills tailored to navigate a hostile environment. To this end, the analyst must understand the anti-analysis techniques that can be employed and how to mitigate them, the limitations of existing tools and how to extend them, and how to employ an appropriate analysis methodology to uncover the intent of the malware.

Originally published in the Proceedings of the 8th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, November 30th 2010

Citation Information
Murray Brand, Craig Valli and Andrew Woodward. "Lessons Learned from an Investigation into the Analysis Avoidance Techniques of Malicious Software" (2010)
Available at: