Lisbon 2013 FIRST TC

Forensic Investigation & Malware Analysis against Targeted Attack using Free Tools

FIRST Hands-On Classes

Wednesday — January 30th, 2013 09:30

Wednesday — January 30th, 2013 14:15

We will learn how to examine a disk image of the compromised PC, then analyze malicious document and malware extracted from the image. This hands-on session is outlined as follows:

  • Find malicious auto-started programs
  • Browse and recover (deleted) files
  • Analyze Windows registry hives
  • Analyze a malicious Office document
  • Analyze swf file and malware

Requirement

Students should bring your own laptop that matches the following requirements.

Hardware
  • at least 2GB RAM
  • at least 50GB free disk space
Host OS
  • Windows XP SP3 or later with administrative accounts
    (We will not support other OS such as Mac OS X and Linux, but you can use it on your own.)
  • VMware player or VMware workstation
    (We will not support other VM environments such as VMWare Fusion and VirtualBox, but you can use it on your own.)
  • Microsoft Office or OpenOffice to view CSV log files
Guest OS
  • Windows XP SP3 or later 32bit with administrative accounts
  • OPTIONAL: Microsoft Office 2007 to open a malicious document for dynamic malware analysis
    (Attendees without Office 2007 can execute a malware instead of opening the doc)

Moderators

  • Hiroshi Suzuki (IIJ-SECT, JP) JP

    Hiroshi Suzuki is a malware analyst, working for a Japanese ISP company, Internet Initiative Japan Inc. His main job is to analyze malware and vulnerabilities, to observe malware activity, and digital forensics with over seven years.

  • Takahiro Haruyama (IIJ-SECT, JP) JP

    Takahiro Haruyama (Internet Initiative Japan Inc.) Takahiro Haruyama, EnCE, is a forensic professional with over seven years of extensive research experience and knowledge in intrusion detection, authentication, VPN, digital forensics and malware analysis. He is the author of memory forensic EnScript such as Raw Image Analyzer (previously called Memory Forensic Toolkit) and Crash Dump Analyzer. He also has spoken at several conferences about digital forensics and computer security including Black Hat Europe 2012, The Computer Enterprise and Investigations Conference (CEIC) 2011 and RSA Conference Japan 2010.