Dynamic analysis

Dynamic Analysis is often facilitated using a sandbox. One method is to have a virtual appliance with the proper operating system installed. From here, the analyst can monitor network traffic, examine processes and compare them to normal baseline behavior. Deviations from this baseline can be examined in more detail to determine if they are legitimate or tied to a malicious executable.

In addition to utilizing virtual machines, there are several automated tools that re-create the sandbox environment for analysts to execute live applications that are suspected of containing malicious code. These tools can be configured and deployed within the enterprise environment, or there is the ability to upload the potential malware to ...

Get Digital Forensics and Incident Response now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.