
The Vermont Privacy Project
As the internet ties in more and more with our daily lives, internet privacy has become a big concern
Introduction: This year, I had the privilege of attending the OpenText Enfuse conference in Las Vegas. While there, I had the opportunity to develop my forensic abilities and build relationships with industry professionals, co-workers, friends, and many other wonderful new people. The breakout sessions provided me with deep-level overviews of interesting topics like threat […]
Introduction: Now that we’ve had a good amount of time to work on this project, we’ve been able to analyze multiple samples of malware. One of the samples we reviewed was a RAT (Remote Access Trojan), commonly referred to as DarkComet. A RAT is software that allows a person to remotely control a system as […]
Introduction: We were able to get our AWS client working with some outside help, and will be using the ThreatAnalyzer to deploy any malware samples we submit. Once it has finished analyzing the malware, ThreatAnalyzer will then create a detailed report for us. This report serves as an excellent reference while we do some static […]
Introduction to Malware Analysis: In order to build upon work done by the LCDI’s Malware Analysis Team last semester, we are adopting Amazon Web Services. Amazon WorkSpaces will allow us to conduct malware research with the guarantee that the LCDI network will remain unaffected by any samples we choose to analyze. The Malware Team has […]
FINAL Malware Analysis Update. Introduction: Throughout this semester, we’ve been working diligently to create a malware analysis environment that is both effective and easily accessible. After considerable research and testing, we have learned useful information about various aspects of malware analysis. Cuckoo allows us to automate the process by simply importing malware into it and receiving […]
For the second part of our Volatility project, we wanted to determine whether or not we could find traces of malware in a system that was once put in hibernation mode. When a user puts their computer into hibernation, a hiberfil.sys file is created. If a system has malware running in the background and is then put into hibernation, we hypothesized that hiberfil.sys will have remnants of the malicious code.