1- Malware collection
Dionaea
A low-interaction honeypot that collects copies of malware by exposing vulnerable services for attackers to exploit.
2- Virtualization
Virtualization is the creation of a virtual (rather than actual) version of something,
such as an operating system, a server, a storage device or network resources.
VMware Workstation and VirtualBox
These tools virtualize a complete computer system.
3- Forensic Image
When a computer is identified as possibly containing electronic evidence, it is imperative to follow a strict set of procedures to ensure a proper extraction of any evidence that may exist on the subject computer.
The first thing to remember is the "golden rule of electronic evidence".
Helix Pro
A forensic tool designed for incident response.
4- Memory Analysis
Volatility Framework
A forensic tool that can extract various types of information from a memory image.
5- Initial Virus Scan
VirusTotal
A public service that analyzes suspicious files and URLs.
6- Initial Sandbox Analysis
Anubis & CWSandbox
Public services that analyze the behaviour of Windows PE executables, with a special focus on the analysis of malware.
7- Packer Detectors
PEiD
A tool that detects the most common packers, cryptors and compilers of Windows PE executables.
The program is used for examination: it reveals whether or not the program is protected; if it is protected,
it determines the type of protection used, and if not, it determines the programming language used to write the program.
PEiD is downloaded from http://www.peid.info/files/PEiD-0.94-20060510.zip
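An added example, not code from the original post or from PEiD: a minimal PE section walker that applies two of the heuristics behind packer detection, packer-specific section names and near-random (high-entropy) section contents, to constructed sample images. The section-name list is a tiny illustrative assumption, not PEiD's signature database, and the samples are constructed stubs; Python 3.9+ is assumed for randbytes.

```python
import math
import random
import struct
# Illustrative packer section names (assumption: tiny subset, not PEiD's signature DB).
PACKER_SECTION_NAMES = {b"UPX0", b"UPX1", b".aspack", b".petite", b".vmp0"}

def shannon_entropy(data: bytes) -> float:
    """Bits per byte; compressed or encrypted payloads approach 8.0."""
    n = len(data)
    counts = [data.count(bytes([b])) for b in range(256)]
    return -sum(c / n * math.log2(c / n) for c in counts if c) if n else 0.0

def pe_sections(pe: bytes):
    """Walk the PE section table, yielding (name, raw_bytes) per section."""
    if pe[:2] != b"MZ":
        raise ValueError("not an MZ/PE file")
    pe_off = struct.unpack_from("<I", pe, 0x3C)[0]           # e_lfanew
    if pe[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    nsec = struct.unpack_from("<H", pe, pe_off + 6)[0]       # NumberOfSections
    opt_size = struct.unpack_from("<H", pe, pe_off + 20)[0]  # SizeOfOptionalHeader
    table = pe_off + 24 + opt_size                            # first IMAGE_SECTION_HEADER
    for i in range(nsec):
        hdr = table + 40 * i
        raw_size, raw_ptr = struct.unpack_from("<II", pe, hdr + 16)
        yield pe[hdr:hdr + 8].rstrip(b"\0"), pe[raw_ptr:raw_ptr + raw_size]

def packer_indicators(pe: bytes) -> dict:
    """Flag packer-style section names or near-random section contents."""
    report = {"packed": False, "sections": []}
    for name, data in pe_sections(pe):
        ent = shannon_entropy(data)
        hit = name in PACKER_SECTION_NAMES or ent > 7.0
        report["sections"].append((name.decode("ascii", "replace"), round(ent, 2), hit))
        report["packed"] = report["packed"] or hit
    return report

def build_stub_pe(sections) -> bytes:
    """Constructed test input: minimal PE skeleton (DOS hdr, PE sig, COFF hdr, sections)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)    # e_lfanew = 0x40
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, 0, 0)
    ptr, headers, blobs = 0x40 + 24 + 40 * len(sections), b"", b""
    for name, data in sections:
        headers += name.ljust(8, b"\0") + struct.pack("<IIII", len(data), 0x1000, len(data), ptr) + b"\0" * 16
        blobs, ptr = blobs + data, ptr + len(data)
    return dos + coff + headers + blobs

# Constructed samples: code-like repetitive bytes vs. UPX-style layout with a random payload.
UNPACKED_SAMPLE = build_stub_pe([(b".text", b"\x55\x8b\xec\x90" * 512), (b".data", b"A" * 1024)])
PACKED_SAMPLE = build_stub_pe([(b"UPX0", b""), (b"UPX1", random.Random(7).randbytes(4096))])
```

Run packer_indicators on a real sample's bytes to get per-section entropy and a verdict; a packed binary typically shows one tiny named stub section next to one large near-8.0-entropy section.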
8- String Extractor
BinText v3.03
A tool that finds ASCII, Unicode and resource strings in a file.
9- Disassemblers and Debuggers
IDA Pro and OllyDbg
Tools for reverse engineering. OllyDbg is the most widely used program for debugging purposes: it is a debugger that emphasizes binary code analysis, which is useful when source code is not available.
It traces registers, recognizes procedures, API calls, constants and strings, and locates routines from object files and libraries.
The software is free of cost; OllyDbg is downloaded from http://www.ollydbg.de/odbg110.zip.
The main windows of the OllyDbg interface:
1: addresses of assembly instructions window
2: commands and instructions in assembly language
3: comments window
4: information window
5: registers window: contains the general-purpose registers, the EIP register (which always points to the instruction currently being executed),
the segment registers, the flags register and other types of registers.
6: memory dump window: contains the addresses, their hexadecimal representation and the corresponding ASCII characters.
7: stack window