Inspecting Dynamic Malware
The previous chapter discussed how to inspect or analyze static malware, or malware that is not running. I discussed the most common static analysis techniques and how information gathered from each of those techniques can be used to identify whether a file is malicious and, if it is indeed malicious, possibly identify its directive based on data gathered statically.
It is a known fact that static analysis is limited because most of the magic happens when the malware is running. When the malware is running in an environment it was designed to execute in, it reveals most of its functionalities, thus opening it up for observation and experimentation by malware analysts and researchers. This is inspecting dynamic ...