Hi,
Some people recommended VMware. While it is a great product in general,
you might run into problems when using it for malware analysis.
Malware these days, at least the sophisticated kind, detects that it
is running inside a virtual machine. Your results are
therefore not what you might expect. We use Core Restore instead.
http://www.coreprotect.com/core_restore.html
It might be cool to see what files are created, changed or deleted, but
it does not give you a real clue what the malware does. Take the
banking trojans as an example. Most of them trigger only when the
victim types in the correct URL of the targeted bank. You need not
only file/registry tools; you should combine them with Wireshark for
network traffic analysis, Paros to see what is going on in the web
application part, OllyDbg to analyze the malware sample more deeply,
etc. etc.
Hope that helps
SkillTube Team
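To make concrete what "detects that it is running inside a virtual machine" means, here is an added example (not from the original post, and not code from SkillTube or Core Restore). It performs the cheapest check malware uses: CPUID leaf 1, ECX bit 31 (the "hypervisor present" bit), and, when that bit is set, the 12-byte vendor signature at leaf 0x40000000. It assumes an x86/x86-64 build with GCC or Clang, whose <cpuid.h> supplies __get_cpuid and __cpuid; on other architectures the functions report "unknown". The signature table holds the well-known strings for VMware, KVM, Hyper-V, VirtualBox and Xen; anything else is reported as "unknown".

```c
/* Added example: minimal hypervisor detection via CPUID.
 * Not from the original post; written to illustrate the VM-detection
 * point. Assumes x86/x86-64 with GCC or Clang (<cpuid.h>). */
#include <stdio.h>
#include <string.h>
#include <stddef.h>

#if defined(__x86_64__) || defined(__i386__)
#include <cpuid.h>
#define HAVE_CPUID 1
#else
#define HAVE_CPUID 0
#endif

/* Leaf 1, ECX bit 31 is the "hypervisor present" bit.
 * Returns 1 if set, 0 if clear, -1 if CPUID is not available here. */
int hypervisor_bit_set(void)
{
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    if (!__get_cpuid(1, &eax, &ebx, &ecx, &edx))
        return -1;
    return (int)((ecx >> 31) & 1u);
#else
    return -1;
#endif
}

/* Copies the 12-byte vendor signature from leaf 0x40000000 (EBX,ECX,EDX)
 * into buf, NUL-terminated; buflen must be at least 13. Returns the string
 * length, or 0 when no hypervisor is reported: on bare metal that leaf
 * simply echoes the highest basic leaf, so reading it would be noise. */
int hypervisor_vendor(char *buf, size_t buflen)
{
    if (buflen < 13)
        return 0;
    buf[0] = '\0';
    if (hypervisor_bit_set() != 1)
        return 0;
#if HAVE_CPUID
    unsigned int eax, ebx, ecx, edx;
    __cpuid(0x40000000, eax, ebx, ecx, edx);
    memcpy(buf, &ebx, 4);
    memcpy(buf + 4, &ecx, 4);
    memcpy(buf + 8, &edx, 4);
    buf[12] = '\0';
    return (int)strlen(buf);
#else
    return 0;
#endif
}

/* Maps a vendor signature to a product name; "unknown" if not in the table.
 * KVM's signature is "KVMKVMKVM" followed by three NUL bytes, hence 9 chars. */
const char *classify_vendor(const char *sig)
{
    static const struct { const char *sig; const char *name; } table[] = {
        { "VMwareVMware", "VMware"     },
        { "KVMKVMKVM",    "KVM"        },
        { "Microsoft Hv", "Hyper-V"    },
        { "VBoxVBoxVBox", "VirtualBox" },
        { "XenVMMXenVMM", "Xen"        },
    };
    for (size_t i = 0; i < sizeof table / sizeof table[0]; i++)
        if (strcmp(sig, table[i].sig) == 0)
            return table[i].name;
    return "unknown";
}

int main(void)
{
    char vendor[13];
    int bit = hypervisor_bit_set();
    if (bit < 0) {
        puts("CPUID not available on this architecture; check not possible");
        return 0;
    }
    printf("hypervisor-present bit: %d\n", bit);
    if (hypervisor_vendor(vendor, sizeof vendor) > 0)
        printf("hypervisor signature: \"%s\" (%s)\n", vendor, classify_vendor(vendor));
    else
        puts("no hypervisor signature reported (bare metal, or a hypervisor hiding it)");
    return 0;
}
```

Build with `cc -o vmcheck vmcheck.c` and run it inside your analysis VM and on a physical box to see the difference. The caveat for a lab: this bit can be hidden (VMware, for instance, honours `hypervisor.cpuid.v0 = "FALSE"` in the .vmx file), but a sample that cares will also look at the VMware backdoor I/O port, virtual device names, MAC address prefixes and registry keys, so hiding one artifact buys little. That is the reason the post above prefers restoring a physical machine over running samples under VMware.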
Quoting Rafa Richart <Rafa@ontinet.com>:
Hi Pals,
we're looking for some tools to analyze the malware behavior. We have
a lab under construction, but we need some advice on what tools
we have to use: tools to see what has been changing in the registry, the state
of connections, etc...
Any help is welcome.
Thanks in advance
Rafa
------------------------------------------------------------------------
This list is sponsored by: Cenzic
Need to secure your web apps NOW?
Cenzic finds more, "real" vulnerabilities fast.
Click to try it, buy it or download a solution FREE today!
http://www.cenzic.com/downloads
------------------------------------------------------------------------