Malware Analysis Essay

When building a malware analysis environment, the following considerations must be taken into account. The design of the lab should be simple, which allows the lab to be maintained effectively. If the lab is too complex, it becomes very difficult to maintain (Sanabria, 2007). Malware analysis cannot be performed in a normal environment or on an ordinary computer; it should be performed in a virtual computer forensic lab environment. “The most popular and flexible way to set up such a lab system involves virtualization software, which allows you to use a single physical computer for hosting multiple virtual systems, each running a potentially different operating…
Another benefit is that VMware’s access to the NIC (Network Interface Card) can be disabled (Distler, 2007). Many different malware analysis tools can be used, depending on the type of malware to be analyzed. Before infecting the lab system with malware for analysis, the helpful monitoring tools have to be installed and activated. Examining the code of malware samples reveals characteristics that might be hard to acquire through behavioral investigation. The following tools are popular, free monitoring and code-analysis tools that allow one to observe how Windows-based malware behaves within its environment (Zeltser, 2015):
- Process Monitor with ProcDOT: a file system and registry monitoring tool that offers a powerful way to watch how local processes write, read, or delete files and registry entries. This tool enables one to see “how malware attempts to embed into the system upon infection (Zeltser, 2015).”
- Process Explorer and Process Hacker: process monitoring tools that replace the built-in Windows Task Manager, helping one observe malicious processes, “including local network ports they may attempt to open (Zeltser, 2015).”
- Wireshark: a popular network monitoring tool that observes lab network traffic for malicious communication, for example DNS resolution requests and bot traffic.
- OllyDbg and IDA Pro Freeware: disassembler and debugger tools that can