August 19, 2013 / Rahul Kashyap

Digital Forensics: A framework for malware analysis

My colleague Vadim Kotov and I recently wrote an article for Digital Forensics Magazine focused on malware analysis for the Security Operations Center (SOC). In this article we reverse engineer several samples of bootkits discovered in the wild and discuss how our LAVA analysis platform can be leveraged for analyzing similar instances of malware. We used a few samples of Gapz for the analysis, which is regarded as one of the more sophisticated bootkits.

Summary of the article:

– Analysis leveraging contextual visual insights into the malware's execution flow can be useful, particularly for identifying the key functions of the malware quickly.

– A relational view of the malware's execution in conjunction with core Operating System elements (file system, Registry, network, CPU registers, etc.) can help to identify the category of malware and prioritize research efforts.

– The ability to vary the state (entropy) of the infected environment (micro-VM) between runs can uncover new code paths of the malware with minimal effort for the researcher.
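As an added illustration of the last two points (this is example code written for this post, not code from the article or from the LAVA platform), the script below builds a small relational view from execution traces of two micro-VM runs and diffs them. The trace lines, their `run=... pid=... op=... target=...` format, the run names `baseline` and `netup`, and the category rules in `RULES` are all constructed assumptions; the one fact they lean on is that a bootkit must eventually write raw sectors to the boot disk.

```python
# Added example: relational view over micro-VM execution traces plus a diff
# between runs. Not code from the article or LAVA; trace format, run names and
# category rules are constructed for illustration.
import re
from collections import defaultdict

# Constructed trace lines. "baseline" is a run with no network; "netup" is the
# same sample re-run with the environment varied (outbound network reachable).
TRACE = r"""
run=baseline pid=1204 op=file_write target=C:\Users\bob\AppData\Roaming\upd.exe
run=baseline pid=1204 op=reg_set target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd
run=baseline pid=1204 op=sleep target=600000
run=baseline pid=1204 op=process_exit target=0
run=netup pid=1310 op=file_write target=C:\Users\bob\AppData\Roaming\upd.exe
run=netup pid=1310 op=reg_set target=HKCU\Software\Microsoft\Windows\CurrentVersion\Run\upd
run=netup pid=1310 op=net_connect target=203.0.113.7:443
run=netup pid=1310 op=raw_disk_write target=\\.\PhysicalDrive0#sector=0
run=netup pid=1310 op=raw_disk_write target=\\.\PhysicalDrive0#sector=63
run=netup pid=1310 op=process_exit target=0
"""

LINE_RE = re.compile(r"run=(\S+) pid=(\d+) op=(\S+) target=(.*)")


def parse_trace(text):
    """Parse trace lines into (run, pid, op, target) tuples; reject malformed lines."""
    events = []
    for line in text.strip().splitlines():
        m = LINE_RE.fullmatch(line.strip())
        if not m:
            raise ValueError(f"unparsable trace line: {line!r}")
        run, pid, op, target = m.groups()
        events.append((run, int(pid), op, target))
    return events


def relational_view(events, run):
    """Group the targets touched in one run by OS subsystem (the op field)."""
    rel = defaultdict(set)
    for r, _pid, op, target in events:
        if r == run:
            rel[op].add(target)
    return dict(rel)


# Hypothetical category rules: each maps a relation pattern to a label that
# helps decide what to look at first.
RULES = [
    ("bootkit: raw MBR/VBR write",
     lambda rel: any(t.startswith(r"\\.\PhysicalDrive")
                     for t in rel.get("raw_disk_write", ()))),
    ("persistence: Run key",
     lambda rel: any("\\CurrentVersion\\Run" in t for t in rel.get("reg_set", ()))),
    ("network: outbound C2-style connection",
     lambda rel: bool(rel.get("net_connect"))),
]


def classify(rel):
    """Return the labels whose rule matches the relational view."""
    return [label for label, pred in RULES if pred(rel)]


def new_code_paths(events, baseline, variant):
    """(op, target) pairs observed only in the variant run, i.e. behaviour that
    the environment change exposed."""
    base = {(op, t) for r, _p, op, t in events if r == baseline}
    var = {(op, t) for r, _p, op, t in events if r == variant}
    return sorted(var - base)


if __name__ == "__main__":
    evs = parse_trace(TRACE)
    for run in ("baseline", "netup"):
        print(run, classify(relational_view(evs, run)))
    print("only in netup:", new_code_paths(evs, "baseline", "netup"))
```

In the constructed traces the baseline run only drops a file, sets a Run key and sleeps, so it classifies as plain persistence; re-running with the network reachable surfaces the outbound connection and the raw writes to sector 0 and sector 63 of the boot disk, which is what moves the sample into the bootkit bucket and tells the analyst where to spend reversing time.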

The article is titled “VM Introspection: Creating New Frontiers For Live Forensics” and is available here. Check it out!
