Semester 3 / ECTS Credits: 5 ECTS
Course Description:
The main objective of this course is to give short and focused introduction to malware forensic analysis with emphasis on malware analysis techniques.
Students will gain comprehensive knowledge and practical skills of the topics covered with theories, concepts, and hands-on exercises.
The course covers strategies and techniques for analyzing even the most sophisticated malicious programs. It also shows when to use specified technique and why. Basics of malware collection and detecting are presented with memory forensic techniques and tools. Executable code analysis is introduced with various tools and techniques. Interesting topics such as memory analysis, PDFs, and Office documents analyses for suspicious content, basics of reverse engineering common encoding and encryption algorithms are covered too. At the end of course, sandboxes and their purpose is explained on different examples.
Practical skills will be obtained during lab work using virtual machines and isolated lab network by working on real-life scenarios.
Learning Outcomes:
- Perform system analysis on malware impact.
- Create reports on malware digital forensic analysis.
- Apply processes of malware identification and analysis.
- Malware identification and classification.
- Analyze malware behavior.
- Malware analysis on Windows operating systems.
- Malware analysis on Linux operating systems.
Course content lectures:
- Introduction to the Malware Forensics
- Taxonomy of malicious code
- Malware threats
- Legal aspects
- Creating safe environment for malware analysis
- Types of analysis: dynamic, static, hybrid
- Monitoring computer processes
- Analysis of computer registry
- Extraction and analysis of malware
- Tools for malware analysis
- Monitoring and analysis of network
- PDF and Microsoft office vulnerabilities
- Static malware analysis
- Linux and MAC malware analysis
- Sandbox
- Creating reports on malware analysis