Chapter 5

File Identification and Profiling

Initial Analysis of a Suspect File on a Windows System

Solutions in this chapter:

• Overview of the File Profiling Process

• Profiling a Suspicious File

• File Similarity Indexing

• File Visualization

• File Signature Identification and Classification

• Embedded Artifact Extraction

• Symbolic and Debug Information

• Embedded File Metadata

• File Obfuscation: Packing and Encryption Identification

• Embedded Artifact Extraction Revisited

• Profiling Suspect Document Files

• Profiling Suspect Portable Document Format (PDF) Files

• Profiling Suspect Microsoft (MS) Office Files

• Profiling Suspect Compiled HTML Help Files


This chapter addresses the methodology, techniques, and tools for ...

Get Malware Forensics Field Guide for Windows Systems now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.