About Sarah
Articles with the tag: malware analysis
Self deleting malware
Mon, 03 Mar 2014 09:56PM
Have you ever wondered how some malware variants are able to delete themselves? A malicious executable is launched on a machine, and once launched in memory, the executable vanishes. This makes malware analysis very hard if no memory dump was taken, as there is seemingly nothing there. We can however use other artefacts to confirm the running of a non-existent file, such as by looking at the Prefetch files, User Assist files and certain registry entries.
Alternate Data Streams
Wed, 28 Aug 2013 08:43PM
Lots of apologies that I haven’t been blogging lately. I have recently got married, and as you can imagine that has taken up a lot of my time! I’m currently doing a course called the Certified Malware Investigator run by 7Safe, and one of the practical exercises in today’s session was on Alternate Data Streams (ADSs). I’ve been playing around with these and here is a quick summary!
Previous blog entries
Blog categories
- Forensics & science (7)
- Homemade arts & crafts (11)
- Rabbits (8)
- Programming (6)
- Miscellaneous (25)
- Recipes (5)
- Reviews (14)
- Digital Forensics & Malware (42)
- Trips & Visits (16)
- Cyber Security & Threat Management (12)
- IT & Computers (7)
- HCI & Design (6)
Blog tags
iPod Touch Webscavator Nybble UK Cyber Security Strategy foreman web browser forensics Windows 7 public lecture intelligence Highland cow heatmap PostgreSQL Mendeley file headers GPU self deletion polaroid induction jquery CSS cards Dean Village metaphors Hayes commands crime scene quantitative web history Windows crime stew web usability music Brigitte Reusch art history Tineye East Lothian Firefox General Election readability cloud Shellbags sock puppets Kilimanjaro greeting proxy logs rock captcha Demand Five AES cables case management Moroccan cuisine risotto Art Attack Chilli data privacy answers Lenzie Humyo fabric
