Lessons Learned from an Investigation into the Analysis Avoidance Techniques of Malicious Software

Authors

Murray Brand, Edith Cowan UniversityFollow
Craig Valli, Edith Cowan UniversityFollow
Andrew Woodward, Edith Cowan UniversityFollow

Document Type

Conference Proceeding

Publisher

School of Computer and Information Science, Edith Cowan University, Perth, Western Australia

Abstract

This paper outlines a number of key lessons learned from an investigation into the techniques malicious executable software can employ to hinder digital forensic examination. Malware signature detection has been recognised by researchers to be far less than ideal. Thus, the forensic analyst may be required to manually analyse suspicious files. However, in order to hinder the forensic analyst, hide its true intent and to avoid detection, modern malware can be wrapped with packers or protectors, and layered with a plethora of antianalysis techniques. This necessitates the forensic analyst to develop static and dynamic analysis skills tailored to navigate a hostile environment. To this end, the analyst must understand the anti-analysis techniques that can be employed and how to mitigate them, the limitations of existing tools and how to extend them, and how to employ an appropriate analysis methodology to uncover the intent of the malware.

Comments

8th Australian Digital Forensics Conference, Edith Cowan University, Perth Western Australia, November 30th 2010

DOI

10.4225/75/57b2903540cd7