Monday, April 23, 2012

Malware Analysis

The scope of the malware analysis lab can be defined by examining the processes that will occur within it. There are really two main tasks that occur within a malware analysis lab: behavioral analysis and code analysis.

Behavioral Analysis
Behavioral analysis involves executing a malware specimen in a controlled environment. Within this environment you should have all of the tools necessary to simulate the services the malware will try to interact with. This might include things such as a simple honeypot, an IRC server, or a web server. In addition to this, you should have tools in place to monitor the actions the malware takes when interacting with these services. This means file system, registry, and network monitoring software.
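As an added illustration (not code from the original post), here is a minimal snapshot-and-diff file system monitor of the kind behavioral analysis relies on: it hashes every file in a directory tree before the specimen runs and again afterwards, then reports what was created, modified or deleted. The scratch directory and the stand-in "specimen" actions are constructed for the demo.

```python
"""Snapshot-and-diff file system monitor for a behavioral-analysis lab (added example)."""
import hashlib
import os
import tempfile


def snapshot(root):
    """Map every file under root (relative path, '/' separators) to the SHA-256 of its contents."""
    state = {}
    for dirpath, _, filenames in os.walk(root):
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            state[os.path.relpath(path, root).replace(os.sep, "/")] = digest
    return state


def diff_snapshots(before, after):
    """Return (created, modified, deleted) as sorted lists of relative paths."""
    created = sorted(set(after) - set(before))
    deleted = sorted(set(before) - set(after))
    modified = sorted(p for p in before if p in after and before[p] != after[p])
    return created, modified, deleted


def demo():
    """Build a constructed scratch tree, apply stand-in specimen actions, return the diff."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "system32"))
        with open(os.path.join(root, "hosts"), "w") as fh:
            fh.write("127.0.0.1 localhost\n")
        with open(os.path.join(root, "system32", "victim.dll"), "w") as fh:
            fh.write("original\n")
        before = snapshot(root)
        # Constructed stand-in for the specimen: drops a file, appends to hosts, deletes a DLL.
        with open(os.path.join(root, "system32", "dropper.exe"), "wb") as fh:
            fh.write(b"MZ-constructed-sample")
        with open(os.path.join(root, "hosts"), "a") as fh:
            fh.write("127.0.0.1 update.example\n")
        os.remove(os.path.join(root, "system32", "victim.dll"))
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    created, modified, deleted = demo()
    print("created: ", created)
    print("modified:", modified)
    print("deleted: ", deleted)
```

The same before/after pattern applies to registry hives and network captures; a real lab would pair this with a live monitor so that files the specimen creates and then deletes during execution are not missed.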

Code Analysis
Code analysis involves disassembling and reverse engineering the code of the malware. This can be done in a static state where the code is analyzed without being executed, or in a dynamic state where the code is examined as it is being processed by the system.

These phases are very different but are both essential for performing a thorough analysis. If you have more of a systems administration background you will most likely spend a great deal more time performing behavioral analysis, whereas a programming background might tilt you towards spending more time doing code analysis. Your malware analysis lab will typically reflect your preferred analysis type.
