Summary: The course trains the analyst to find malware and analyze it. It teaches the fundamentals of the Windows OS from a malware forensics perspective. Over the 5-day period, attendees will analyze multiple malware samples of various categories, including RATs, botnets, keyloggers and APT malware.

Student Lab Requirement:

VMware Workstation 10.x or later / Fusion 6.0+ / Player 6+ running Windows 7/XP, 100 GB free disk space
Content

1. Overview on current Threat Landscape

  • 1.1. Malware Categorization
  • 1.2. Cyber Kill Chain
  • 1.3. APTs

2. Building Malware Analysis Lab.

3. Windows System Structure (forensics Context)

  • 3.1. Processes
  • 3.2. Prefetch Files
  • 3.3. Browser
  • 3.4. Auto runs
  • 3.5. Scheduled Tasks
  • 3.6. Registry
  • 3.7. Windows Artifact Analysis (artifacts from various locations)
  • 3.8. Timeline Analysis
  • 3.9. Time stamping

4. Static Analysis

  • 4.1. Scanning, Hashing, Fuzzy Hashing
  • 4.2. Unpacking
  • 4.3. Find Anomalies
  • 4.4. Visualization
  • 4.5. File Analysis
  • 4.6. PE Analysis
  • 4.7. Document File Analysis
  • 4.8. PDF analysis
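As an added illustration of the hashing, anomaly-finding and PE analysis topics in this section (example code written for this page, not course material from the trainer), the following Python script hashes a file, reads the DOS header to locate the PE signature, decodes the COFF file header, and flags a couple of simple anomalies. The sample buffer is constructed inline so the script runs offline; it is not a real malware sample, and the anomaly thresholds are an assumption chosen for illustration.

```python
"""Added example for the static-analysis topics above (not part of the course page).
Hashing, PE header parsing and simple anomaly checks on a constructed sample."""
import hashlib
import struct

# Constructed minimal PE-like buffer: DOS "MZ" stub, e_lfanew at offset 0x3C,
# "PE\0\0" signature, and a 20-byte COFF file header for a 32-bit x86 image.
# (Constructed test data, not a real binary.)
def build_sample() -> bytes:
    dos = bytearray(0x40)
    dos[0:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)          # e_lfanew -> PE header at 0x40
    coff = struct.pack(
        "<HHIIIHH",
        0x14C,        # Machine: IMAGE_FILE_MACHINE_I386
        1,            # NumberOfSections
        0x5F5E1000,   # TimeDateStamp (placeholder value)
        0, 0,         # PointerToSymbolTable, NumberOfSymbols
        0xE0,         # SizeOfOptionalHeader (PE32)
        0x0102,       # Characteristics: EXECUTABLE_IMAGE | 32BIT_MACHINE
    )
    return bytes(dos) + b"PE\0\0" + coff


def hashes(data: bytes) -> dict:
    """Cryptographic hashes used for scanning lookups (VirusTotal, IOC matching)."""
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


MACHINES = {0x14C: "x86", 0x8664: "x64", 0x1C0: "ARM", 0xAA64: "ARM64"}


def parse_pe(data: bytes) -> dict:
    """Follow e_lfanew to the PE signature and decode the COFF file header."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image (missing MZ)")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature at e_lfanew")
    machine, nsec, ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4
    )
    return {
        "e_lfanew": e_lfanew,
        "machine": MACHINES.get(machine, hex(machine)),
        "sections": nsec,
        "timestamp": ts,
        "optional_header_size": opt_size,
        "is_dll": bool(chars & 0x2000),       # IMAGE_FILE_DLL
        "is_executable": bool(chars & 0x0002),  # IMAGE_FILE_EXECUTABLE_IMAGE
    }


def anomalies(info: dict) -> list:
    """Cheap header sanity checks; thresholds are illustrative assumptions."""
    findings = []
    if info["sections"] == 0 or info["sections"] > 96:
        findings.append("implausible section count")
    if info["timestamp"] == 0:
        findings.append("zeroed compile timestamp")
    if not info["is_executable"]:
        findings.append("EXECUTABLE_IMAGE flag not set")
    return findings


if __name__ == "__main__":
    sample = build_sample()
    print(hashes(sample)["sha256"])
    info = parse_pe(sample)
    print(info)
    print(anomalies(info) or "no header anomalies")
```

Replace `build_sample()` with the bytes of a file read from the lab VM to run the same checks on a real sample.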

5. Dynamic Analysis

  • 5.1. Building the lab
  • 5.2. Snapshot
  • 5.3. Network Interactions
  • 5.4. Sandboxes
  • 5.5. Sandbox Evasion Techniques

6. Network Artifact Analysis

  • 6.1. PCAP analysis
  • 6.2. Evidence Extraction from PCAPs
  • 6.3. Tracing Malware communications

7. Memory Forensics

  • 7.1. Overview
  • 7.2. Processes and Threads
  • 7.3. Data Structures
  • 7.4. Recovering Files
  • 7.5. Process Memory
  • 7.6. Hooks
  • 7.7. Finding Hidden Processes
  • 7.8. Memory Acquisition
  • 7.9. Finding Malware in memory