Friday, 26 April 2013

Introduction to malware forensics

Earlier this month I was delighted to sit on a discussion panel at Kaspersky Lab's reviewers' workshop in Lisbon.

I later demonstrated some tools and techniques for analysing the behaviour of malware. I have provided links to the tools and some other useful resources.

(left to right) Peter Stelzhammer, Sveta Miladinov, Simon Edwards and Andreas Marx
The area that I focussed on involved detecting rootkit-related malware in tests. Usually you can't tell whether hidden processes are running if you rely on conventional tools.

At Dennis Technology Labs we always check for hidden processes using some advanced techniques usually reserved for malware analysts and forensics investigators.

To get a short insight into how we do that (and how you can), take a look at the link above.
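The idea behind such hidden-process checks is a cross-view comparison: list processes the way a conventional tool does, obtain a second view through an independent kernel interface, and treat anything present in the second view but missing from the first as suspicious. The following is an added example for Linux, not the author's tooling and not tied to any specific rootkit; it assumes a standard /proc mount and that /proc/sys/kernel/pid_max is readable when no PID cap is given.

```python
"""Cross-view check for hidden processes on Linux (added example, not the
author's tooling): compare what ps-style tools see with the kernel's own answer."""
import os

def procfs_view():
    """View 1, the conventional one: numeric entries of /proc, as ps/top read them."""
    return {int(name) for name in os.listdir("/proc") if name.isdigit()}

def pid_exists(pid):
    """Ask the kernel directly: signal 0 delivers nothing but reports existence."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:   # ESRCH: no such PID
        return False
    except PermissionError:      # EPERM: exists, owned by another user
        return True
    return True

def thread_group_id(pid):
    """Tgid from /proc/<pid>/status, or None if the kernel exposes no entry."""
    try:
        with open(f"/proc/{pid}/status") as status:
            for line in status:
                if line.startswith("Tgid:"):
                    return int(line.split()[1])
    except OSError:
        pass
    return None

def signal_probe_view(max_pid=None):
    """View 2, independent of directory listings: probe every possible PID.
    Thread ids also answer kill(), so only thread-group leaders count; a PID that
    answers but has no status entry is kept, as a hooked /proc looks like that."""
    if max_pid is None:
        with open("/proc/sys/kernel/pid_max") as f:
            max_pid = int(f.read())
    return {pid for pid in range(1, max_pid + 1)
            if pid_exists(pid) and thread_group_id(pid) in (pid, None)}

def cross_view_diff(conventional, independent):
    """Pure set logic: PIDs the independent view has and the listing lacks."""
    return sorted(independent - conventional)

def hidden_processes(max_pid=None):
    """Re-read /proc after the probe and re-check existence to drop mid-scan churn."""
    before = procfs_view()
    probed = signal_probe_view(max_pid)
    candidates = cross_view_diff(before | procfs_view(), probed)
    return [pid for pid in candidates if pid_exists(pid)]
```

Run it as root: on a /proc mounted with hidepid, other users' processes are legitimately absent from the listing and would otherwise appear in the diff. A non-empty result is a lead for a memory-forensics look at the flagged PIDs, not a verdict on its own.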

Following a series of interviews, Arne Arnold from PC-Welt wrote an interesting article that shows the difference in opinions of testers and analysts. [Original (German); a poor Google Translation (English)]