
Orion Incident Response Live CD


10. Malware Analysis

The skill level of malware analysts varies widely. Orion tries to accommodate highly skilled analysts while also providing some quick-and-dirty tools and methods for performing triage. If the analyst is junior, we recommend using the analyze-win-malware script mentioned below for a quick initial analysis, followed by submission to one of the automated online analysis tools, such as the stellar CW Sandbox. Experienced team members will then want to use one or more of the installed debugging and unpacking tools discussed below to perform manual analysis.

10.1. Static Analysis

Orion includes a number of static malware analysis tools. Some of these tools run within WINE, which allows the work to be done in an environment that is mostly native to the Orion installation. This figure shows McAfee FileInsight running under WINE to analyze a malicious binary. FileInsight is a great platform for analysis because it has a Python-based plugin framework. For example, it includes a plugin for submitting samples to VirusTotal for analysis. Didier Stevens has also written some FileInsight plugins (included in Orion). Future versions of Orion will also have some additional custom plugins that are currently in development.
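To make the "quick initial analysis" and static-analysis steps described in these two sections concrete, here is an added example of the kind of first-pass static triage a junior analyst would run before submitting a sample to a sandbox: file hashes, a sanity check of the PE header, printable-string extraction and a small watch-list match. This is example code written for this page; it is not Orion's analyze-win-malware script, not a FileInsight plugin, and the `WATCHLIST` patterns and the `build_sample()` bytes are constructed for illustration (the sample is a non-executable PE skeleton, not real malware).

```python
"""Static triage of a Windows binary: hashes, PE header sanity check,
printable strings and a small indicator watch-list.
Example code for this page, not Orion's analyze-win-malware script."""
import hashlib
import re
import struct

# Minimum run of printable ASCII bytes to report as a string.
MIN_STRING_LEN = 4

# Hypothetical watch-list of strings that commonly warrant a closer look
# during triage; a real list would be far longer and tuned to the case.
WATCHLIST = (
    re.compile(r"https?://[^\s\"']+", re.I),                               # embedded URLs
    re.compile(r"\b(?:CreateRemoteThread|VirtualAllocEx|WriteProcessMemory)\b"),  # injection APIs
    re.compile(r"\\CurrentVersion\\Run\b", re.I),                           # autorun registry path
)


def file_hashes(data: bytes) -> dict:
    """Hashes used to look the sample up in sandbox / AV services."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


def extract_strings(data: bytes, min_len: int = MIN_STRING_LEN) -> list:
    """Printable ASCII (0x20-0x7e) runs of at least min_len bytes."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pattern.finditer(data)]


def parse_pe_header(data: bytes):
    """Return basic COFF header fields if data looks like a PE file, else None.
    Checks the MZ magic, the e_lfanew pointer and the PE\\0\\0 signature."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    # Signature (4) + COFF header (20) must fit inside the file.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, n_sections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    characteristics = struct.unpack_from("<H", data, e_lfanew + 22)[0]
    return {
        "machine": machine,            # 0x14C = i386, 0x8664 = x64
        "sections": n_sections,
        "timestamp": timestamp,        # compile time claimed by the linker
        "is_dll": bool(characteristics & 0x2000),  # IMAGE_FILE_DLL
    }


def triage(data: bytes) -> dict:
    """One-shot static triage report for a sample held in memory."""
    strings = extract_strings(data)
    hits = sorted({m.group() for s in strings for pat in WATCHLIST for m in pat.finditer(s)})
    return {
        "size": len(data),
        **file_hashes(data),
        "pe": parse_pe_header(data),
        "string_count": len(strings),
        "indicators": hits,
    }


def build_sample() -> bytes:
    """Constructed stand-in for a suspicious binary: a minimal, non-executable
    PE skeleton followed by a few embedded strings. Not real malware."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x80)          # e_lfanew -> PE signature at 0x80
    dos += b"\0" * (0x80 - len(dos))
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x5A0B1C2D, 0, 0, 0xE0, 0x0102)
    body = b"\0".join([
        b"kernel32.dll", b"VirtualAllocEx", b"WriteProcessMemory",
        b"CreateRemoteThread", b"http://c2.example.invalid/update.php",
        b"Software\\Microsoft\\Windows\\CurrentVersion\\Run", b"ab",
    ])
    return bytes(dos) + b"PE\0\0" + coff + b"\0" * 8 + body


if __name__ == "__main__":
    report = triage(build_sample())
    for key, value in report.items():
        print(f"{key}: {value}")
```

Run it on a real sample with `triage(open(path, "rb").read())`; the hashes feed the sandbox or VirusTotal lookup, the PE check catches samples that are not Windows executables at all (droppers, scripts, documents), and the indicator list gives an experienced analyst a starting point before opening the file in a debugger. Because everything here is static, packed or encrypted samples will yield few strings, which is itself a useful triage signal.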

John Jarocki, john.jarocki@gmail.com
