Many forensic analysts stop their malware investigation once they have found a file on a device, or simply once they have removed the infection. For much of today's advanced malware that is not enough. Consider the CryptoWall variant of March 2015. If your incident response plan merely restored access to your files, you made a mistake: that variant of CryptoWall also dropped spyware on the infected system, so restoring the files left the attacker's foothold in place.
Also consider modern Advanced Persistent Threats (APTs). These attacks often rely on zero-day exploits or sophisticated malware that most antivirus products will not detect, and the malicious code may never be written to disk in a recognizable form. In such cases memory analysis is frequently the only way to find the malware and to understand exactly what it does.
EC-Council has a new Malware and Memory Forensics course. In this course we first examine malware both operationally and taxonomically. We then show how to analyze malware and suspected malware using a range of dynamic analysis techniques. Finally, we provide you with a working knowledge of memory forensics: not just how to use memory forensics tools, but how to interpret what their results mean.
About Dr. Chuck Easttom:
Dr. Chuck Easttom is the author of 27 books, including several on computer security, forensics, and cryptography. His books are used at over 60 universities. He has also authored over 60 scientific papers on digital forensics, cyber warfare, cryptography, and applied mathematics. He is an inventor with 17 computer science patents. He holds a Doctor of Science in cyber security (dissertation topic: a study of lattice-based cryptographic algorithms for post-quantum computing) and three master's degrees (one in applied computer science, one in education, and one in systems engineering). He is currently working on a second doctorate in a somewhat different field, bio-engineering and nanotechnology (dissertation topic: "The effects of nonlinear dynamics on nanotechnology and bioengineering"), due to complete in summer 2020. He is a Senior Member of the IEEE and a Senior Member of the ACM, as well as a member of the IACR (International Association for Cryptologic Research) and INCOSE (International Council on Systems Engineering). He is also a Distinguished Speaker of the ACM (Association for Computing Machinery) and a frequent speaker at conferences. He is a reviewer for six scientific journals and the Editor in Chief of the American Journal of Science and Engineering. He is a Professor of Practice at Capitol Technology University, teaching graduate courses in computer science, electrical engineering, cybersecurity, and related areas, as well as chairing doctoral dissertation committees. He is also the Director of Capitol Technology University's Quantum Computing and Cryptography Research Lab. He currently holds 55 industry certifications (CHFI, CISSP, CASP, CEH, etc.) and frequently serves as an expert witness in computer-related court cases. You can find more details at www.ChuckEasttom.com