O'Reilly logo

Learning Network Forensics by Samir Datt

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Performing malware forensics

Now that we have the fundamentals in place, it is important to understand that malware forensics is different from malware analysis. Malware analysis involves capturing a sample of the malware and performing a static or dynamic analysis on it. Here, the compiled and obfuscated code is reversed in order to try and determine what the malware was programmed to do.

Malware forensics, on other hand, attempts to locate and examine the forensic artifacts that exist on system media, RAM, and network to help answer whether the system was compromised, how was it done, what was the infection vector, which particular malware was involved, what data is exfiltrated, and so on.

In the previous section, we looked at the IOC and how ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required