Abstract
This chapter introduces Windows-based file profiling analysis through an incident response scenario. During the course of responding to or investigating an incident encountered on a system within a targeted network, or clearly linked to a network user's receipt of a file via email, instant messaging, or another means of online communication or file transfer, a suspicious file may fairly be characterized as any of the following: of unknown origin; unfamiliar; or seemingly familiar but located in an unusual place on the system. After extracting the suspicious file from the system, determining its purpose and functionality is often a good starting place. This process is called file profiling. The file profiling process entails an initial or cursory static analysis of the suspect code. Static analysis is the process of analyzing executable binary code without actually executing the file. Dynamic or behavioral analysis involves executing the code and monitoring its behavior, including its interaction with and effect on the host system. These are the two approaches to code analysis that most digital investigators implement.
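As an added illustration of the initial static step the abstract describes (not code from the chapter or its authors), the following script performs a cursory profile of a suspect file without executing it: it records size and cryptographic hashes, checks for the MZ/PE signatures of a Windows executable and reads the COFF header fields, and extracts printable strings. The sample bytes are constructed inline and are not a real sample.

```python
"""Cursory static file profiling of a suspect Windows file (no execution)."""
import hashlib
import re
import struct

MACHINE_NAMES = {0x14C: "x86", 0x8664: "x64"}  # COFF Machine values


def pe_header_info(data: bytes) -> dict:
    """Return basic PE facts if the buffer carries an MZ/PE header, else {}."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return {}
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]  # offset of "PE\0\0"
    # Need the 4-byte signature plus the 20-byte COFF file header.
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return {"mz": True, "pe": False}
    machine, nsections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {
        "mz": True,
        "pe": True,
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "sections": nsections,
        "timestamp": timestamp,
    }


def profile_file(data: bytes, min_len: int = 4) -> dict:
    """Hashes, header facts and printable ASCII strings of at least min_len."""
    return {
        "size": len(data),
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "pe": pe_header_info(data),
        "strings": [s.decode("ascii")
                    for s in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)],
    }


def build_sample_pe() -> bytes:
    """Constructed stub: MZ header, e_lfanew=0x40, PE signature, COFF header."""
    buf = bytearray(b"MZ" + b"\0" * 0x3A)          # DOS header up to 0x3C
    buf += struct.pack("<I", 0x40)                  # e_lfanew
    buf += b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 2, 0x5F000000, 0, 0, 0xE0, 0x0102)
    buf += b"\0" * 8 + b"kernel32.dll\0GetProcAddress\0http://example.invalid/update\0"
    return bytes(buf)


if __name__ == "__main__":
    for name, blob in (("sample.exe", build_sample_pe()), ("doc.pdf", b"%PDF-1.4\nstream\n")):
        print(name, profile_file(blob))
```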