Chapter 6. Executable File Analysis

Solutions in this chapter:

▪ Static Analysis
▪ Dynamic Analysis
▪ Summary
▪ Solutions Fast Track
▪ Frequently Asked Questions

Introduction

At times during an investigation you may come across a suspicious executable file on which you would like to perform some analysis to get an idea of what it does or what function it performs. Many times, an intruder may leave scripts or configuration files behind, and these files are generally text files that can be opened and viewed. In the case of scripts, some knowledge of programming may be necessary to fully understand the function of the file.
In Chapter 5, we discussed file signature analysis, a method for determining whether a file has the correct file extension based on the ...
