What is Malware Forensics?

Computer viruses date back to the early 1980s, when researchers first wrote self-replicating programs. In 1984 Dr. Fred Cohen defined a computer virus as “a program that can infect other programs by modifying them to include a possibly evolved copy of itself”. That definition, based on the behaviour of the programs of that period, was appropriate at the time. Since then, malicious programs have diversified into dozens of categories and are now referred to collectively as malware rather than simply as viruses; a virus is now considered just one category of malware.

Malware is short for malicious software: software specifically designed to damage, disrupt or misuse a computer system or its data in one way or another. Malware has evolved alongside technology and takes full advantage of each new technological development.

Malware consists of programming (code, scripts, active content and other software) designed to disrupt or deny operations, gather information that leads to loss of privacy or exploitation, gain unauthorized access to system resources, or perform other abusive behaviour.

What is Malware Forensics?

Malware forensics is the process of finding, analyzing and investigating the properties of a piece of malware in order to identify the culprits and the reason for the attack. The process includes tasks such as locating the malicious code, determining how it entered the system, how it propagates, what impact it has on the system, which ports it tries to use, and so on. Investigators conduct this forensic investigation using a range of techniques and tools.

Types of Malware:

Malware is categorized according to several parameters: how it affects the system, the functionality or intent of the program, its spreading mechanism, and whether the program asks for the user’s permission or consent before performing certain operations. Some commonly encountered categories of malware are:

  • Backdoor
  • Botnet
  • Downloader
  • Launcher
  • Rootkit
  • HackTool
  • Rogue application
  • Scareware
  • Worm or Virus
  • Credential-stealing program, etc.

Symptoms of Infected Systems:

The following are some symptoms of an infected system:

  • The system may become unstable and respond slowly, as the malware may be consuming system resources.
  • Unknown new executables found on the system.
  • Unexpected network traffic to sites that you do not expect the system to connect to.
  • Altered system settings like browser homepage without your consent.
  • Random pop-ups shown as advertisements.

A more recent addition to this list is alerts shown by fake security applications that you never installed. Messages such as “Your computer is infected” are displayed, and the user is asked to register (pay for) the program in order to remove the “detected” threat. Overall, an infected system shows unexpected and unpredictable behaviour.

Different ways Malware can get into system:

  • Instant messenger applications
  • Internet relay chat
  • Removable devices
  • Links and attachments in emails
  • Legitimate “shrink-wrapped” software tampered with by a disgruntled employee before packaging
  • Browser and email software bugs
  • NetBIOS (file sharing)
  • Fake programs
  • Untrusted sites and freeware software
  • Downloading files, games and screensavers from websites

Prerequisites for Malware Analysis:

Prerequisites for malware analysis include an understanding of malware classification, essential x86 assembly language concepts, file formats such as the Portable Executable (PE) format, the Windows API, and hands-on expertise with monitoring tools, disassemblers and debuggers.

Types of Malware Analysis:

The two types of malware analysis, distinguished by the approach taken, are:

Static malware analysis: examining the sample without executing it (file hashes, headers, strings, imports and disassembled code) in order to understand its structure and functions. Packed or obfuscated samples limit what static analysis can reveal on its own.

Dynamic malware analysis: executing the malware in an isolated, monitored environment to observe its behaviour (file, registry, process and network activity) and to identify technical indicators that confirm its malicious intent. The environment must be kept isolated from production networks, and some malware changes its behaviour when it detects a sandbox or debugger.

Online Malware Analysis Services:

  • VirusTotal
  • Metascan Online
  • Malware Protection Center
  • Web Online Scanners
  • Payload Security
  • Jotti
  • Valkyrie, etc.

Malware Analysis Tools:

  • IDA Pro
  • What’s Running
  • Process Explorer
  • Directory Monitor
  • RegScanner
  • Capsa Network Analyzer
  • API Monitor

Protecting computer systems against malware is a major concern. Every day a great deal of new malware is created, and the worse problem is that new malware is highly sophisticated and very difficult to detect, because malware developers use a variety of advanced techniques to hide the actual code or behaviour of their programs. These anti-static and anti-dynamic analysis techniques (packing, obfuscation, sandbox and debugger detection) make it very hard to analyze a sample and extract the information needed to design a detection system. Therefore, it is crucial for forensic analysts to have sound knowledge of the various malware families, how they work and propagate, where they have their impact, and the methods of detection and analysis, and to keep that knowledge current as the threats advance.

This Blog Article is posted by

Infosavvy, 2nd Floor, Sai Niketan, Chandavalkar Road Opp. Gora Gandhi Hotel, Above Jumbo King, beside Speakwell Institute, Borivali West, Mumbai, Maharashtra 400092

Contact us – www.info-savvy.com


Leave a Comment