Finding Unknown Malware

  • Monday, 07 Oct 2013 9:00PM EDT (08 Oct 2013 01:00 UTC)
  • Speaker: Hal Pomeranz

Join us for the next installment of the SANS-APAC webcast series where we will provide a technical look at Finding Unknown Malware.

If you have ever been given the mission to "Find Evil" on a compromised system, you understand the enormity of that tasking. In this one-hour webcast, we will make use of sound methodology for identifying malware, using strategies based on "Knowing Normal", "Data Reduction" and "Least Frequency of Occurrence" in order to identify malicious software and common methods of persistence. The skills and tools presented here will aid in efficient identification of anomalous files in order to narrow further analysis and facilitate the creation of indicators of compromise for use in enterprise-wide scanning.

Note: This is a technical talk that leverages subject matter from SANS FOR508: Advanced Digital Computer Forensic Analysis and Incident Response.