All the tools discussed in this chapter can be used in concert to maximize the amount of information gleaned during dynamic analysis. In this section, we’ll look at all the tools discussed in the chapter as we present a sample setup for malware analysis. Your setup might include the following:
Running procmon and setting a filter on the malware executable name and clearing out all events just before running.
Starting Process Explorer.
Gathering a first snapshot of the registry using Regshot.
Setting up your virtual network to your liking using INetSim and ApateDNS.
Setting up network traffic logging using Wireshark.
Figure 3-12 shows a diagram of a virtual network that can be set up for malware analysis. This virtual ...