
Orion Incident Response Live CD

10.4. Online Analysis

Several sophisticated online analysis tools exist if an Internet connection is available to the analyst. Our team uses these sites to provide a quick triage and, in some cases, a comprehensive analysis of questionable web sites or captured malware. Orion contains bookmarks for submission of these samples to the following tools and more when online analysis is an option: (CWSandbox - Automated Malware Analysis, 2010), (jsunpack - a generic JavaScript unpacker, 2010), (ThreatExpert online file scanner, 2010), (VirusTotal - Free Online Virus and Malware Scan, 2010), (wepawet, 2010).

The following screenshot shows an analysis report from Sunbelt Security's CWSandbox. This tool from Sunbelt Security executes the malware in a virtual environment and catalogs processes, files, network connections, etc. Even for experienced responders, this information can save a lot of time.

Figure 25: CW Sandbox analysis of captured malware

John Jarocki, john.jarocki@gmail.com
