Sunday, December 4, 2016
Incident Response Reading Material
The SANS Institute has been kind enough to collect a set of checklists and procedural documents to aid the computer forensic examiner with the tasks they may face: https://www.sans.org/score/checklists
A couple of my favorites so far are the Malicious File Investigation Procedures (https://www.sans.org/media/score/checklists/Malicious-File-Investigation-Procedures.pdf), which lay out a method for investigating a potential malware sample. It is a step-by-step plan that has you keep notes as you determine whether a file is malicious, classify the specimen, determine whether it is packed, and reverse engineer it.
And the Rootkit Investigation Procedures (https://www.sans.org/media/score/checklists/rootkits-investigation-procedures.pdf), which give some tips and tricks for evaluating a system for rootkit infection. It may be a little old (2011), but much of the information is still perfectly valid. Slack space, for instance, is still a popular place to hide bits of malware.
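To make the two checklists concrete, here is an added example script (my own, not code from SANS or from either PDF) covering the first triage steps of the malicious-file procedure, namely hashing the specimen for your notes, using byte entropy as a packing hint, and pulling printable strings, plus a small slack-space carver for the rootkit procedure's point about hiding data past the end of a file. The 7.2 entropy threshold, the 4096-byte cluster size, the assumption that the file's clusters are contiguous, and all sample data (a PE-like header with a uniform-byte blob appended, and a two-cluster raw image with a string hidden in file slack) are constructed assumptions so the script runs offline.

```python
#!/usr/bin/env python3
"""Triage helpers for a suspect file and for file slack.

Added example for this post, not code from the SANS checklists.
Thresholds, cluster size and sample data are assumptions constructed
inline so the script runs offline.
"""
import hashlib
import math
import re
from collections import Counter

PACKED_ENTROPY_THRESHOLD = 7.2   # assumption: close to the 8.0 maximum for bytes
PRINTABLE = re.compile(rb"[\x20-\x7e]{4,}")


def shannon_entropy(data: bytes) -> float:
    """Bits of entropy per byte: 0.0 for empty or constant data, 8.0 for uniform."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def entropy_profile(data: bytes, chunk: int = 256) -> list:
    """Per-chunk entropy; a packed or encrypted region shows as a run near 8.0."""
    return [shannon_entropy(data[i:i + chunk]) for i in range(0, len(data), chunk)]


def extract_strings(data: bytes) -> list:
    """Printable ASCII runs of 4+ bytes, the same idea as the strings utility."""
    return [m.group().decode("ascii") for m in PRINTABLE.finditer(data)]


def triage(data: bytes) -> dict:
    """First pass: hashes for the notes, file type, packing hints, strings."""
    ent = shannon_entropy(data)
    profile = entropy_profile(data)
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "is_pe": data[:2] == b"MZ",
        "is_elf": data[:4] == b"\x7fELF",
        "entropy": round(ent, 3),
        "packed_hint": ent > PACKED_ENTROPY_THRESHOLD,
        "high_entropy_chunks": [i for i, e in enumerate(profile)
                                if e > PACKED_ENTROPY_THRESHOLD],
        "strings": extract_strings(data),
    }


def slack_region(file_size: int, cluster_size: int) -> tuple:
    """(offset from file start, length) of the slack in the file's final cluster."""
    used = file_size % cluster_size
    if file_size == 0 or used == 0:
        return (file_size, 0)          # file ends exactly on a cluster boundary
    return (file_size, cluster_size - used)


def carve_slack(image: bytes, first_cluster: int, file_size: int, cluster_size: int) -> bytes:
    """Slack bytes of a file starting at first_cluster in a raw image.

    Assumption: the file's clusters are contiguous, so the slack begins
    file_size bytes after the first cluster's start.
    """
    offset, length = slack_region(file_size, cluster_size)
    start = first_cluster * cluster_size + offset
    return image[start:start + length]


def build_sample_file() -> bytes:
    """Constructed stand-in for a suspect PE: readable header, then a uniform blob."""
    header = (b"MZ" + b"\x90" * 62
              + b"This program cannot be run in DOS mode.\r\n$\x00"
              + b"kernel32.dll\x00CreateRemoteThread\x00WriteProcessMemory\x00")
    payload = bytes(range(256)) * 4      # stands in for a packed section
    return header.ljust(512, b"\x00") + payload


def build_sample_image(cluster_size: int = 4096) -> tuple:
    """Constructed two-cluster image; cluster 1 holds a 1000-byte file with hidden slack."""
    cluster0 = b"\xaa" * cluster_size                        # unrelated neighbour
    visible = (b"benign log line\n" * 63)[:1000]             # the file's real content
    hidden = b"\x00" * 200 + b"http://c2.example.invalid/beacon\x00"
    slack = hidden.ljust(cluster_size - len(visible), b"\x00")
    return cluster0 + visible + slack, 1, len(visible)


if __name__ == "__main__":
    report = triage(build_sample_file())
    for key, value in report.items():
        print(f"{key}: {value}")
    image, first_cluster, file_size = build_sample_image()
    slack = carve_slack(image, first_cluster, file_size, 4096)
    print(f"slack bytes: {len(slack)}, non-zero: {any(slack)}, strings: {extract_strings(slack)}")
```

Two things worth noticing when you run it: the whole-file entropy of the sample stays below the threshold because the zero-padded header drags it down, while the per-chunk profile flags the appended uniform region, which is why the checklist has you look at sections rather than only the file as a whole; and the slack carver recovers the hidden URL even though nothing in the file's logical content references it, which is the rootkit procedure's point about slack space.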