Article
Lessons Learned from an Investigation into the Analysis Avoidance Techniques of Malicious Software
Australian Digital Forensics Conference
  • Murray Brand, Edith Cowan University
  • Craig Valli, Edith Cowan University
  • Andrew Woodward, Edith Cowan University
Publication Date
1-1-2010
Document Type
Conference Proceeding
Publisher
School of Computer and Information Science, Edith Cowan University, Perth, Western Australia
Abstract

This paper outlines a number of key lessons learned from an investigation into the techniques malicious executable software can employ to hinder digital forensic examination. Malware signature detection has been recognised by researchers to be far less than ideal. Thus, the forensic analyst may be required to manually analyse suspicious files. However, in order to hinder the forensic analyst, hide its true intent and avoid detection, modern malware can be wrapped with packers or protectors and layered with a plethora of anti-analysis techniques. This requires the forensic analyst to develop static and dynamic analysis skills tailored to navigating a hostile environment. To this end, the analyst must understand the anti-analysis techniques that can be employed and how to mitigate them, the limitations of existing tools and how to extend them, and how to employ an appropriate analysis methodology to uncover the intent of the malware.

Comments

Originally published in the Proceedings of the 8th Australian Digital Forensics Conference, Edith Cowan University, Perth, Western Australia, November 30th 2010.

Citation Information
Murray Brand, Craig Valli and Andrew Woodward. "Lessons Learned from an Investigation into the Analysis Avoidance Techniques of Malicious Software" (2010)
Available at: http://works.bepress.com/craig_valli/31/