Category:Digital-Forensics/Computer-Forensics/Dynamic-Analysis/Sandboxes


Description

This article explains the environment you can build to perform malware analysis.

Environment

  • Virtualization: VMware Workstation (VirtualBox is also an option)
  • OS: Microsoft Windows 7 64-bit

Tools

Tool | Description
7zip | Uncompress utility
ApateDNS | Intercept DNS requests/responses
API Monitor | Monitor and control API calls made by applications and services
autoruns | Show programs configured to autostart during boot
BinText | Find ASCII, Unicode and resource strings in a file
CFF Explorer | Advanced PE editor
CHimpREC | Import rebuilder that can be used to dump a packed executable from memory
exe2aut | AutoIt3 decompiler
Fiddler | Web debugging proxy (can intercept SSL connections)
hiew | Hex editor and assembler/disassembler
IDA Pro | Disassembler (also debugger)
ILSpy | .NET assembly browser and decompiler
LordPE | Edit/view many parts of PE files, dump them from memory, optimize them, validate, analyze, edit
malzilla | Malware hunting tool that uses the SpiderMonkey engine to analyze scripts
OfficeMalScanner | MS Office forensic framework that scans for malicious traces, such as shellcode heuristics, PE files or embedded OLE streams
OffVis | Helps in understanding the Microsoft Office binary file format in order to deconstruct .doc-, .xls- and .ppt-based targeted attacks
OllyDbg | Debugger
PEiD | PE info / packer identifier
ProcDOT | Malware activity visualization tool
Process Hacker | Process/resource monitoring tool
Process Monitor | Advanced monitoring tool for Windows that shows real-time file system, Registry and process/thread activity
Regshot | Registry/file system compare utility (diff between 2 snapshots)
Resource Hacker | View, modify, rename, add, delete and extract resources in 32-bit and 64-bit Windows executables and resource files (*.res)
strings.exe | Display strings
Sysinternals Suite | Collection of system tools for Windows developed by Microsoft Sysinternals
unarj.exe | Uncompress utility
upx.exe | Executable packer (also unpacks UPX-packed files)
wget.exe | Command-line download utility
WinDbg | 32-bit/64-bit user- and kernel-mode debugger
Wireshark | Create and read network capture files (pcap[ng])
XPELister | PE viewer and editor that also has a RepairPE module
