tryan6,
As you are an FTK user (not sure which version) it may be worthwhile requesting a trial of Cerberus Malware Detection from AccessData or from your reseller. This is an add-on for FTK4. I am not sure if trials are still available though.
This video explains in depth how it works (be warned it is 50 min) and I recommend it for anyone considering Cerberus or wanting to learn more.
https://www.youtube.com/watch?v=YNjoW-OImyg&hd=1
AccessData has had a big push into Enterprise Security and I expect Cerberus to get a lot of attention in the future, as it is one of the core modules for the CIRT product.
More info on Cerberus here - http://www.accessdata.com/products/cerberus
Please note that the FTK4 add-on only handles Stage One analysis, but it does give you a relatively fast analysis of what the potential malware is attempting and you can then perform further analysis with more dedicated tools.
The Enterprise products include stage 2 analysis and offer the ability to remediate the process.
Others may prefer a more hands-on approach to malware analysis.