Module 12 - Malware Forensics Fundamentals and Recognize Types of Malware Analysis

Last updated 1:16 PM on 3/26/26

71 Terms

1

Introduction to Malware Forensics: True or False: Often, attackers use malware such as viruses, worms, trojans, spyware, and ransomware to commit a crime on the intended target system. Malware can inflict intellectual and financial losses on the target, which may be an individual, a group of people, or an organization. The worst part is that it spreads from one system to another with ease and stealth.

True

2

Introduction to Malware Forensics: What is the method of finding, analyzing, and investigating various malware properties to find the culprits and the reason behind the attack? The process also includes tasks such as finding the malicious code and determining its entry, method of propagation, impact on the system, ports it tries to use, etc. Forensic investigators use a set of tools and techniques to conduct static analysis and dynamic (run-time) analysis of the malicious code.

Malware forensics

3

Identifying and Extracting Malware: True or False: Malware programs exhibit specific properties, which can help the investigators in identifying or distinguishing them from normal software programs. Investigators can use software and hardware tools as well as online tools and databases to identify the malware.

True

4

Identifying and Extracting Malware: Investigators can use tools such as ______________________________________ to extract patterns of investigative interest from malicious files.

Balbuzard, Cryptam Malware Document Detection Suite, etc.

5

Identifying and Extracting Malware: Investigators can perform ________________ together to identify the intent and capabilities of the malware.

Static and dynamic analysis

6

Identifying and Extracting Malware: What is the process of looking for known traces and values that indicate the presence of malware? These traces include the presence of malicious code, strings, executables, etc. in the software program.

Static analysis

7

Identifying and Extracting Malware: What uses a different approach, such as scanning the behavior of the software program while running it in a controlled environment?

Dynamic analysis

8

Prominence of Setting Up a Controlled Malware Analysis Lab: A _____________________ is instrumental in gauging the behavioral pattern of malware, as malware programs are dynamic in nature and will interact with various parts of the system as well as the network when executed. Investigators should create an environment where they can execute the malware without disrupting or corrupting other devices.

Controlled malware analysis lab

9

Prominence of Setting Up a Controlled Malware Analysis Lab: The most effective way to set up such a lab involves the use of ________________, which enables investigators to host multiple virtual systems running different operating systems on a single computer.

Virtualization software

10

Prominence of Setting Up a Controlled Malware Analysis Lab: Which of the following is commonly used software to simulate real-time systems in a virtual environment?

VirtualBox

11

Prominence of Setting Up a Controlled Malware Analysis Lab: Which of the following is commonly used software to simulate real-time systems in a virtual environment?

VMware vSphere Hypervisor

12

Prominence of Setting Up a Controlled Malware Analysis Lab: Which of the following is commonly used software to simulate real-time systems in a virtual environment?

Microsoft Windows Server virtualization

13

Prominence of Setting Up a Controlled Malware Analysis Lab: True or False: Malware connects with networks and other systems for stealing data, getting instructions from the attacker, or copying itself. Researchers can use multiple interconnected virtual machines on a single physical computer for analyzing malware behavior on connected systems and learning about their propagation methods as well as other characteristics.

True

14

Prominence of Setting Up a Controlled Malware Analysis Lab: True or False: Investigators must take precautions, such as isolating the malware analysis lab from the production network using a firewall to inhibit malware propagation. One can use removable media, mainly DVDs, to install tools and malware. DVDs mostly support a read-only format of data transfer and prevent malicious software from writing or copying itself onto the DVD.

True

15

Prominence of Setting Up a Controlled Malware Analysis Lab: True or False: Investigators can also use a write-protected USB key. Using a malware analysis lab also enables the investigators to perform screen capturing during analysis. Additionally, it allows them to take snapshots of the laboratory system, which can be used to easily revert to a previous system state.

True

16

Preparing Testbed for Malware Analysis: What provides an in-depth understanding of each individual sample and identifies emerging technical trends from a large collection of malware samples? The malware samples are mostly compatible with Windows binary executables. There are different goals behind performing a malware analysis.

Malware analysis

17

Preparing Testbed for Malware Analysis: It is very hazardous to analyze malware on production devices connected to production networks. Therefore, one should always analyze malware samples on a __________.

Test bed

18

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Allocating a physical system for the analysis lab

19

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Installing virtual machine (VMware, Hyper-V, etc.) on the system

20

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Installing guest OSs in the virtual machines such as Windows and Linux (Ubuntu) which serve as forensic workstations

21

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Isolating the system from the network by ensuring that the NIC is in “host only” mode

22

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Simulating internet services using tools such as INetSim

23

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Disabling “shared folders” and the “guest isolation”

24

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Installing malware analysis tools

25

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Generating a hash value of each OS and tool

26

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Copying the malware collected from the suspect machines onto the forensic workstations

27

Preparing Testbed for Malware Analysis: What are the requirements to build a test bed for malware analysis?

Keeping virtualization snapshot and re-imaging tools to capture the machine state

28

Preparing Testbed for Malware Analysis: What tools are required for testing?

Imaging tool: To get a clean image for forensics and prosecution

29

Preparing Testbed for Malware Analysis: What tools are required for testing?

File/data analysis: To perform static analysis of potential malware files

30

Preparing Testbed for Malware Analysis: What tools are required for testing?

Registry/configuration tools: Malware infects the Windows registry and other configuration variables. These tools help identify the last saved settings

31

Preparing Testbed for Malware Analysis: What tools are required for testing?

Sandbox: To perform dynamic analysis manually

32

Preparing Testbed for Malware Analysis: What tools are required for testing?

Log analyzers: The devices under attack record the activities of malware and generate log files. Log analyzers are used to extract log files

33

Preparing Testbed for Malware Analysis: What tools are required for testing?

Network capture: To understand how the malware leverages a network

34

Supporting Tools for Malware Analysis: What hypervisor tool can be used for malware analysis?

Virtual Box

35

Supporting Tools for Malware Analysis: What hypervisor tool can be used for malware analysis?

Parallels Desktop 16

36

Supporting Tools for Malware Analysis: What hypervisor tool can be used for malware analysis?

VMware vSphere Hypervisor

37

Supporting Tools for Malware Analysis: What is a powerful x86 and AMD64/Intel64 virtualization product for enterprise as well as home use that runs on Windows, Linux, Macintosh, and Solaris hosts and supports a large number of guest operating systems including but not limited to Windows (NT 4.0, 2000, XP, Server 2003, Vista, Windows 7, Windows 8, Windows 10), DOS/Windows 3.x, Linux (2.4, 2.6, 3.x and 4.x), Solaris and OpenSolaris, OS/2, and OpenBSD?

Virtual Box

38

Supporting Tools for Malware Analysis: What helps develop and test across multiple OSes in a virtual machine for Mac, also allows accessing Microsoft Office for Windows and Internet Explorer from a Mac system, and lets users import files, apps, and more from a PC to a Mac?

Parallels Desktop 16

39

Supporting Tools for Malware Analysis: What is a bare-metal hypervisor that virtualizes servers and comes with built-in VM management, scalable storage allocation, and driver hardening features?

VMware vSphere Hypervisor

40

Supporting Tools for Malware Analysis: What network and internet simulation tools can be used for malware analysis?

NetSim

41

Supporting Tools for Malware Analysis: What network and internet simulation tools can be used for malware analysis?

ns-3

42

Supporting Tools for Malware Analysis: What network and internet simulation tools can be used for malware analysis?

Riverbed Modeler

43

Supporting Tools for Malware Analysis: What network and internet simulation tools can be used for malware analysis?

QualNet

44

Supporting Tools for Malware Analysis: What is an end-to-end, full-stack, packet-level network simulator and emulator that comes with a technology development environment for protocol modeling, network R&D, and military communications?

NetSim

45

Supporting Tools for Malware Analysis: What is a discrete-event network simulator for Internet systems, targeted primarily for research and educational use? It is free software, licensed under the GNU GPLv2 license, and is publicly available for research, development, and use.

ns-3

46

Supporting Tools for Malware Analysis: What provides a development environment to model and analyze communication networks and distributed systems and helps simulate all network types and technologies (including VoIP, TCP, OSPFv3, MPLS, LTE, WLAN, IoT protocols, IPv6, and more) to analyze and compare the impacts of different technology designs on end-to-end behavior?

Riverbed Modeler

47

Supporting Tools for Malware Analysis: What is a planning, testing, and training tool that “mimics” the behavior of real communication networks and allows users to simulate the behavior of complex, large-scale communications networks?

QualNet

48

Supporting Tools for Malware Analysis: Which of the following are screen capture and recording tools for malware analysis?

Snagit

49

Supporting Tools for Malware Analysis: Which of the following are screen capture and recording tools for malware analysis?

Camtasia

50

Supporting Tools for Malware Analysis: Which of the following are screen capture and recording tools for malware analysis?

Ezvid

51

Supporting Tools for Malware Analysis: What is a screen capture and recording software tool that allows users to quickly capture the screen, add additional context, and share the result as an image, video, or GIF, and can be used to mark up screenshots, trim video, or apply templates that help create visual instructions and guides?

Snagit

52

Supporting Tools for Malware Analysis: What is a screen recorder and video editor that helps record anything on the computer screen (websites, software, video calls, or PowerPoint presentations) and has a drag-and-drop editor which enables adding, removing, trimming, or moving sections of video or audio?

Camtasia

53

Supporting Tools for Malware Analysis: What is a full-featured video editor and screen recorder which comes with voice recording, facecam, voice synthesis, screen drawing, and speed control features and allows users to draw directly on the screen or record one region of the screen as required? It is available for Windows XP3, 7, 8, and 10.

Ezvid

54

Supporting Tools for Malware Analysis: What OS backup and imaging tool can be used for malware analysis?

Genie Backup Manager Pro

55

Supporting Tools for Malware Analysis: What OS backup and imaging tool can be used for malware analysis?

Macrium Reflect Server

56

Supporting Tools for Malware Analysis: What OS backup and imaging tool can be used for malware analysis?

R-Drive Image

57

Supporting Tools for Malware Analysis: What OS backup and imaging tool can be used for malware analysis?

O&O DiskImage 16

58

Supporting Tools for Malware Analysis: What tool takes four types of backups (full, incremental, differential, and mirror) and can back up to any media such as local, external, FTP/FTPS, Amazon S3, network, CD, DVD, and Blu-ray? This tool is available for Windows XP, Vista, 7, 8, and 10.

Genie Backup Manager Pro

59

Supporting Tools for Malware Analysis: What comes with a full set of features that provide full-image or file- and folder-level restores and is designed for endpoint backup of business-critical servers in a commercial environment?

Macrium Reflect Server

60

Supporting Tools for Malware Analysis: What is a utility that facilitates the creation of disk image files for backup or duplication purposes?

R-Drive Image

61

Supporting Tools for Malware Analysis: What allows backing up an entire computer or single files, even while the computer is in use, and lets users carry out a system restore and duplicate or clone an entire PC or hard drive?

O&O DiskImage 16

62

General Rules for Malware Analysis: True or False: During malware analysis, investigators should pay greater attention to the key features of the malware and should not try to observe every detail, as malware is dynamic and may change its properties. In difficult and complex sections, investigators should try to gather a general overview.

True

63

General Rules for Malware Analysis: True or False: During malware analysis, investigators should pay greater attention to the key features of the malware and should not try to observe every detail, as malware is dynamic and may change its properties. In difficult and complex sections, investigators should try to gather a general overview.

True

64

General Rules for Malware Analysis: True or False: Investigators should try different tools and approaches as they yield different results in different situations. Even though various tools and techniques have similar functionalities, a different approach or a different angle may provide a different result.

True

65

General Rules for Malware Analysis: True or False: As investigators adopt new malware analysis techniques, malware authors and attackers also try to find new evasion techniques to thwart analysis. Investigators must be able to identify, understand, and defeat these evasion techniques.

True

66

Types of Malware Analysis: Malware analysis can be categorized into two types: _______________. Both approaches demonstrate the functionality of the suspect malware being examined; however, the tools, time, and skills required for performing the analysis are different.

Static analysis or dynamic analysis.

67

Types of Malware Analysis: What is a basic analysis of the binary code and comprehension of the malware that explains its functions? By contrast, behavioral analysis, or dynamic analysis, deals with the study of malware behavior during installation, on execution, and while running.

Static analysis

68

Types of Malware Analysis: Static analysis: A _________________ involves the analysis of malware without executing the code or instructions. The process includes the use of different tools and techniques to determine the malicious part of a program or file. It also gathers information about malware functionality and collects technical pointers or simple signatures it generates. Such pointers include file names, MD5 checksums or hashes, file types, and file sizes. Disassemblers such as IDA Pro can be used to disassemble the binary file.

General static scrutiny

69

Types of Malware Analysis: What involves the execution of malware to examine its conduct and impact on system resources and the network? It identifies technical signatures that confirm a malicious intent and reveals various useful information, such as domain names, file path locations, created registry keys, IP addresses, additional files, installation files, DLLs, and linked files located on the system or network.

Dynamic analysis

70

Types of Malware Analysis: What type of analysis requires virtual machines and sandboxes to deter the spread of malware? Debuggers such as GDB, OllyDbg, WinDbg, etc., are used to debug malware at the time of its execution to study its behavior.

Dynamic analysis

71

Types of Malware Analysis: What techniques are recommended together to better understand the functionality of malware, but differ in the tools used and the time and skills required for performing the analysis?

Static and Dynamic Analysis
