We are proud and excited to present you a new issue of eForensics Magazine! In the focus: Malware Forensics: Detecting the Unknown.
Discover and understand Malware Architecture, hunt for malware traces, get to know Volatility tool, go through a real case phishing scenario, learn how to fight ROOTKITS, read up on Keyloggers and mobile malware forensics, check whether your PDF isn’t infected with malicious software and many, many more!
Also, we prepared something special for you: an interview with Richard Zaluski from the Centre for Strategic Cyberspace + Security Science. Make sure you read it and consider joining the CSCSS Experts Programme!
Enjoy more than 100 pages of this great content!
Check here for the full table of contents:
UNDERSTANDING MALWARE FORENSICS
by Dr. Eric Vanderburg
At this point, everyone is familiar with malware. It has been around for decades in the form of viruses, Trojans, bots and worms. Everyone with a computer has been infected at one point or another. In fact, the problem is so pervasive that, like the common cold, we have become used to and somewhat tolerant of these malicious programs. The malware of the past has given way to today's botnets and fast-acting worms that infect with impunity, stealing information, hijacking computers and causing all manner of harm. This leads us to malware forensics, the study of how such crimes happen. While remote hackers hide behind a mask of anonymity, their programs do their dirty work, and it is the forensic investigator who must determine the facts of the case.
MALWARE AND ANTI-VIRUS ARCHITECTURE
by Cecilia McGuire
This Do-it-Yourself article is a beginner's "how-to" on malware and antivirus technologies. The scope of malware is vast and dynamic, covering an array of malicious programs such as viruses, Trojan horses, rootkits, spyware, browser hijackers and worms, to name a few. As a consequence, the scope of this article is limited to some of the fundamental principles of malware and antivirus technologies. It includes a guide to developing a basic antivirus using Visual Basic 2013, to provide readers with the building blocks they need to create a more advanced, personalised custom antivirus utility.
PHISHING ANALYSIS: A REAL ATTACK CASE SCENARIO
by Anderson Tamborim
In this article, we will analyze a real case of a directed attack known as an APT. We will study its main aspects, understand what the general purposes of these kinds of attacks are, and see how to turn knowledge of the adversary to our own advantage.
AN INTRODUCTION TO KEYLOGGERS
by Irv Schlanger and Ruth Forese
Keyloggers have the reputation of being one of the more intrusive kinds of tracking devices. Keylogging refers to the recording of keystrokes that a user types on a computer. Keylogging is often associated with malware, where its purpose is to obtain personal information without a user's knowledge or consent. Keyloggers can also be used for other reasons, however, such as troubleshooting computer problems and conducting research. This article introduces various types of keyloggers and then gives an overview of two types of keylogging software, both of which require little technical knowledge and can be easily set up by the average user.
THE BAREBONES APPROACH TO MALWARE FORENSICS
by Charles Coker, Nicole Michaelis and Andrew Akker
For some organizations, a strategic response may not involve the most sophisticated software tools. In fact, end-user education and procedures that recognize the end-user’s role in malware protection and forensics can go a long way toward the protection of sensitive information assets.
INTERVIEW PANEL WITH RICHARD ZALUSKI – CHAIRMAN, CEO AND PRESIDENT OF CENTRE FOR STRATEGIC CYBERSPACE + SECURITY SCIENCE / CSCSS
We need to address what our systems are doing, why, when and where. When I check into a hotel, the first thing they ask me is for my credit card for 'incidentals' associated with a hotel stay. People readily hand over their cards which are then transacted and information is stored. Stored? Where? How? By whom? Who has access? What about confidentiality?
THE ROOTKITS: An Informative Nutshell Approach of Rootkit Forensics for Computer Forensics Experts
by Dr. Sameera de Alwis
An enormous volume of hacking incidents, severe data breaches and data leakages is being reported worldwide. Rootkits (a.k.a. the administrator's nightmare) are rapidly becoming the tool of choice for present-day cyber-crime and reconnaissance involving networked computing equipment and data. A rootkit is a type of malicious software (malcode) or malware that is installed by an intruder after the target system has been compromised at the root or administrator level. Present-day and emerging detection tactics rely on low-level knowledge of rootkit implementations, and so will remain in a state of flux.
HUNTING FOR MALWARE TRACES IN AUTOSTART LOCATIONS OF A BIOS-BASED WINDOWS 7 MACHINE
by Lorenzo Cantoni
During a security incident you have found a machine which communicates with a suspicious Internet host. After an initial analysis you found a malicious DLL injected inside "svchost.exe". Malware analysis shows that the DLL is a Trojan horse and that it is responsible for the malicious network traffic. You remove the DLL from the system and reboot it, but it magically reappears and resumes communicating with its Command & Control host. Now what?
ANALYSIS OF A POTENTIALLY MALICIOUS PDF DOCUMENT
by Stephen Roy Coston Jr.
Cyber criminals are using specially crafted PDF documents to bypass government and private-sector intrusion detection systems (IDS) and antivirus software. These PDFs can be used in phishing attacks and combined with social engineering to gain a foothold in your secure network. These attacks have been on the rise as of late, and a malware analyst should be aware of this attack vector and of the tools for analyzing a potentially malicious document.
FINDING ADVANCED MALWARE USING VOLATILITY
by Monnappa Ka
When an organization is the victim of an advanced malware infection, a quick response is required to identify the indicators associated with that malware in order to remediate, establish better security controls and prevent future infections. In this article you will learn to detect advanced malware infections in memory using a technique called "memory forensics", and you will also learn to use memory forensic toolkits such as Volatility to detect advanced malware in a real case scenario.
CHALLENGES OF MOBILE MALWARE FORENSICS EVOLUTION
by David Clarke
Mobile malware is evolving fast. The development of mobile malware is growing at an unprecedented rate, so the mitigations and countermeasures needed to understand the landscape and provide the appropriate solutions must develop just as rapidly. Mobile devices are part of our everyday lives, so much so that they have become part of our identity, especially for payments. Forensic solutions now need to take account of psychology, human nature and social media, as they too become part of the attack vectors used. The following is an outline of the challenges we are now faced with, and which have emerged in just a few months.