Important! Bring your own laptop and a pre-installed Windows XP virtual machine!
A properly configured laptop is required to participate in this course. Prior to the start of class, you must install the necessary software as described below. If you do not carefully read and follow these instructions, you are guaranteed to leave the course unsatisfied, since you will not be able to participate in hands on-exercises that are essential to this course.
The following are minimal hardware requirements for your laptop:
- DVD-ROM drive
- 2 GHz CPU (a faster processor is recommended)
- 2GB RAM (more memory is recommended)
- 10 GB of available disk space (more space is recommended)
Creating a Windows Virtual Machine Using VMware
You will use VMware to simultaneously run multiple virtual machines when performing hands-on exercises. You must have VMware Workstation version 8 or higher installed on your system. If you do not own and cannot purchase VMware Workstation, you can download a free trial copy from VMware. VMware will send you a 30-day serial number if you register for the trial at their Web site.
When analyzing malware, you will make use of a virtual Windows machine running within VMware. You will be asked to infect this virtual machine when examining malicious code. You must create a Windows XP (32-bit) virtual machine using your copy of VMware before coming to class. Note that this involves not only creating a virtual machine shell using VMware, but also installing your copy of the Windows XP operating system into the virtual machine.
If you don't have Windows XP installation medium, you can obtain a free virtual machine from Microsoft if you are running Windows 7 Professional, Enterprise, or Ultimate on your base system. To do this and to import the virtual machine into VMware, follow instructions here.
Install Windows XP with Service Pack 3 (32-bit) on your virtual machine. Don't install anti-virus software on the Windows virtual machine. Lastly, be sure to install Internet Explorer 8 or higher into your Windows virtual machine.
Shut down your Windows virtual machine and configure it to use the "Host-only" network connection. You can do this by selecting Settings of your virtual machine in VMware, clicking Network Adapter on the Hardware tab, and selecting "Host-only." Then, start the virtual machine and confirm that you received an IP address from the VMware built-in DHCP server. You can do this by typing "ipconfig" on the command prompt within your virtual machine.
Hands-on exercises will involve operating with malicious code. Although VMware will provide you with reasonable isolation, we do not recommend using a production system as your laboratory machine. We expect you to exercise due caution when handling malicious code.
Additional Tools You Will Receive
We will provide you with additional tools for completing hands-on exercises. Additionally, we will provide you with a pre-built Linux virtual machine (REMnux) so that you do not need to build your own. Hardware requirements outlined above are meant to ensure that you have sufficient memory and disk space available to simultaneously run the Windows virtual machine (that you will build yourself before class) and the Linux virtual machine (that we will provide to you during class).
Review the following checklist when leaving for the training event to make sure that your laptop is prepared for the course:
- Your laptop meets hardware requirements outlined in this note.
- VMware Workstation 6 or higher is installed.
- The VMware Workstation license will not expire before the class (if using a trial copy).
- You created a VMware virtual machine running Windows XP with Service Pack 3 (32-bit) and Internet Explorer 8 installed.
- Your Windows virtual machine is using "Host-only" network connection and is able to obtain an IP address from the DHCP server built into VMware.
If you have additional questions about the laptop specifications, please contact firstname.lastname@example.org.