Malware and Digital Forensics
Malware Analysis; Malware Incident Response; Analyzing Physical Process Dumps for Malware Artefacts; Discovering and Extracting Malware and Associated Artefacts from Windows and Linux; Advanced Malware; Investigative and Forensic Methodologies; Forensic Analysis, Preservation and Examination of Volatile Data; Recovery of Deleted Files; Building a Live Response Toolkit; Volatile and Non-Volatile Data Collection Methodologies on Windows and Linux Live Systems; Data Analytics; Windows System Forensics; Incident Response Tool Suites for Windows; Memory Forensics Methodology for Windows and Linux; Windows Memory Forensics Tools; Linux Memory Forensics Tools; Forensic Examination of Compromised Systems; Filesystem Forensics; Network Forensics; Using Linux as a Forensic Platform; Audit Trail; Report Writing; Expert Witness.
- Digital Forensics, André Årnes, Wiley, 1st edition (2017), ISBN-10: 1119262380
- Practical Windows Forensics, Ayman Shaaban and Konstantin Sapronov, Packt Publishing (2016)
- The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, Aaron Walters, Andrew Case, Jamie Levy and Michael Hale Ligh, Wiley, 1st edition (2014), ISBN-10: 1118825098
- File System Forensic Analysis, Brian Carrier, Addison-Wesley Professional, 1st edition (2015), ISBN-13: 978-0321268174
For the practical component of this course, students should be introduced to using antivirus tools to confirm maliciousness, using hashes to identify malware, and gleaning information from a file's strings, functions and headers. They should perform static and dynamic analysis and demonstrate an understanding of sandboxing and anti-sandboxing. They should conduct investigative forensic methodologies that demonstrate the use of hex editors to extract file formats and file systems, the use of a Linux system as a forensic workstation, artefact extraction from web browsers, and recovery of deleted files using forensic tools, and write a report on the investigation.
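Added example, not course material and not code from any tool listed on this page: a small Python static-triage routine covering the three checks named above (file hashes for lookup against a hash set, printable strings, and the PE header fields). The sample bytes and the "known bad" hash set are constructed inside the block.

```python
import hashlib
import re
import struct
from datetime import datetime, timezone

def build_sample():
    """Constructed, non-runnable PE-like blob: DOS header, e_lfanew -> 0x40, PE signature,
    COFF header (i386, 2 sections, build stamp 0x5F000000) and a few embedded strings."""
    dos = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40)            # e_lfanew lives at 0x3C
    coff = struct.pack("<HHIIIHH", 0x14C, 2, 0x5F000000, 0, 0, 224, 0x0102)
    body = b"http://example.invalid/update.exe\x00C:\\Users\\Public\\run.bat\x00\x01ab\x02"
    return dos + b"PE\x00\x00" + coff + body

def file_hashes(data):
    """MD5/SHA-1/SHA-256 of the whole file: the values you look up in a hash set."""
    return {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}

def extract_strings(data, min_len=6):
    """Printable ASCII runs of at least min_len bytes (what `strings` would show)."""
    return [m.group().decode("ascii") for m in re.finditer(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def parse_pe_header(data):
    """Walk MZ -> e_lfanew -> PE signature -> COFF header; None if the layout does not hold."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00" or len(data) < e_lfanew + 24:
        return None
    machine, nsec, stamp, _, _, _, chars = struct.unpack_from("<HHIIIHH", data, e_lfanew + 4)
    return {"machine": hex(machine), "sections": nsec,
            "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
            "characteristics": hex(chars)}

def triage(data, known_bad_sha256=frozenset()):
    """Combine the three static checks into one report; the hash set is caller-supplied."""
    hashes = file_hashes(data)
    return {"hashes": hashes, "known_bad": hashes["sha256"] in known_bad_sha256,
            "strings": extract_strings(data), "pe": parse_pe_header(data)}

if __name__ == "__main__":
    sample = build_sample()
    report = triage(sample, {file_hashes(sample)["sha256"]})  # constructed blocklist hit
    for key, value in report.items():
        print(key, value)
```

A compile timestamp far from the file's on-disk timestamps, or a header that fails to parse at all, is the kind of discrepancy the later header inspection should flag.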
Tools: md5deep, PotentialKeylogger, ApateDNS, Netcat, Wireshark, VMware, FTK, WinHex, X-Ways Forensics, Autopsy / The Sleuth Kit.