Lessons Learned from an Investigation into the Analysis Avoidance Techniques of Malicious SoftwareAustralian Digital Forensics Conference
Document TypeConference Proceeding
PublisherSchool of Computer and Information Science, Edith Cowan University, Perth, Western Australia
AbstractThis paper outlines a number of key lessons learned from an investigation into the techniques malicious executable software can employ to hinder digital forensic examination. Malware signature detection has been recognised by researchers to be far less than ideal. Thus, the forensic analyst may be required to manually analyse suspicious files. However, in order to hinder the forensic analyst, hide its true intent and to avoid detection, modern malware can be wrapped with packers or protectors, and layered with a plethora of antianalysis techniques. This necessitates the forensic analyst to develop static and dynamic analysis skills tailored to navigate a hostile environment. To this end, the analyst must understand the anti-analysis techniques that can be employed and how to mitigate them, the limitations of existing tools and how to extend them, and how to employ an appropriate analysis methodology to uncover the intent of the malware.
Citation InformationMurray Brand, Craig Valli and Andrew Woodward. "Lessons Learned from an Investigation into the Analysis Avoidance Techniques of Malicious Software" (2010)
Available at: http://works.bepress.com/craig_valli/31/