Chapter 9. Analysis of a Suspect Program...

Pre-execution Preparation: System and Network Monitoring

A valuable way to learn how a malicious code specimen interacts with a victim system, and to identify the risks the malware poses to that system, is to monitor certain aspects of the system while the specimen runs. In particular, tools that monitor host system and network activity should be deployed before the specimen is executed and kept running for the duration of its runtime, so that they capture the specimen's activity from the moment it is executed. On a Windows system, there are five areas to monitor during the dynamic analysis of a malicious code specimen: processes, the file system, the registry, network activity, and API calls. To monitor these aspects of the infected virtual system effectively, use both passive and active monitoring techniques (see Figure 9.5).

Figure 9.5. Implementation of Passive and Active Analysis Techniques
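
The pre-execution baseline the passage describes, as an added example that is not the book's own code: a passive snapshot-and-compare of a directory tree in Python (the file-system counterpart of a registry snapshot tool), taken once before the specimen is executed and once after its runtime window, then diffed into created, deleted and modified files. The `run_demo` scenario is constructed; the file names and changes in it stand in for a specimen's activity and are not from the book.

```python
import hashlib
import tempfile
from pathlib import Path

def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large dropped files do not exhaust memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def snapshot(root) -> dict:
    """Record every regular file under root as relative path -> (size, sha256)."""
    root = Path(root)
    state = {}
    for p in root.rglob("*"):
        if p.is_file():
            try:
                state[p.relative_to(root).as_posix()] = (p.stat().st_size, hash_file(p))
            except OSError:
                continue  # unreadable or vanished mid-walk: skip, do not abort the baseline
    return state

def diff_snapshots(before: dict, after: dict) -> dict:
    """Classify file-system changes between the pre- and post-execution snapshots."""
    common = before.keys() & after.keys()
    return {
        "created": sorted(after.keys() - before.keys()),
        "deleted": sorted(before.keys() - after.keys()),
        "modified": sorted(k for k in common if before[k] != after[k]),
    }

def run_demo() -> dict:
    """Constructed scenario: baseline, then simulated specimen activity, then compare."""
    with tempfile.TemporaryDirectory() as d:
        root = Path(d)
        (root / "config.ini").write_text("autorun=0\n")
        (root / "log.txt").write_text("clean baseline\n")
        before = snapshot(root)          # taken BEFORE the specimen is executed
        # Stand-in for the specimen's runtime (constructed, not a real sample):
        (root / "dropped.dll").write_bytes(b"MZ" + b"\x00" * 64)  # new file
        (root / "config.ini").write_text("autorun=1\n")            # same size, new content
        (root / "log.txt").unlink()                                 # deleted
        after = snapshot(root)           # taken after the runtime window
        return diff_snapshots(before, after)
```

Because `diff_snapshots` compares hashes rather than sizes or timestamps, an in-place edit that keeps a file's length (as `config.ini` does here) is still reported as modified.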