25.8.14

A Comprehensive Guide to Digital Forensics & Malware Analysis for Practical Incident Response

Digital forensics and incident response are indispensable techniques for protecting organizations from attacks. In recent years, many malware-related attacks have occurred in enterprise environments, so you also need deep knowledge of, and analysis techniques for, malware and the attack tools used via that malware. For example, a RAT has a function for uploading files to an infected host. When a file is uploaded, the malware creates a temporary file whose name is the original name ending with a ".tmp" extension. If you determine this through malware analysis, you can discover the file the attackers sent by analyzing the NTFS journal file. This is why we believe malware analysis is needed.
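The journal search described above can be sketched as follows. This is an added example, not material from the course: it assumes the journal data is a raw `$UsnJrnl:$J` extract holding USN_RECORD_V2 records, the function names are hypothetical, and the sample records are constructed.

```python
import struct
from datetime import datetime, timedelta, timezone

# USN_RECORD_V2 fixed header (60 bytes, little-endian), per the Windows SDK layout.
HEADER = struct.Struct("<IHHQQqqIIIIHH")
REASON_FILE_CREATE = 0x00000100
REASON_FILE_DELETE = 0x00000200
REASON_CLOSE = 0x80000000

def filetime_to_utc(ft):
    """Convert a FILETIME (100 ns ticks since 1601-01-01) to an aware datetime."""
    return datetime(1601, 1, 1, tzinfo=timezone.utc) + timedelta(microseconds=ft // 10)

def parse_usn_v2(buf):
    """Yield (timestamp, reason, name) for each USN_RECORD_V2 found in buf."""
    off = 0
    while off + HEADER.size <= len(buf):
        (length, major, _minor, _fref, _parent, _usn, ts, reason,
         _src, _sid, _attrs, name_len, name_off) = HEADER.unpack_from(buf, off)
        # Sparse (zeroed) regions and non-V2 data: step to the next 8-byte boundary.
        if (major != 2 or length < HEADER.size or off + length > len(buf)
                or name_off + name_len > length):
            off += 8
            continue
        raw = buf[off + name_off: off + name_off + name_len]
        yield filetime_to_utc(ts), reason, raw.decode("utf-16-le", "replace")
        off += (length + 7) & ~7  # records are 8-byte aligned

def find_tmp_creations(buf, suffix=".tmp"):
    """Return (timestamp, name) for FILE_CREATE records whose name ends with suffix."""
    return [(ts, name) for ts, reason, name in parse_usn_v2(buf)
            if reason & REASON_FILE_CREATE and name.lower().endswith(suffix)]

def make_record(name, reason, filetime):
    """Build a constructed USN_RECORD_V2 for the sample data below."""
    raw = name.encode("utf-16-le")
    length = (HEADER.size + len(raw) + 7) & ~7
    hdr = HEADER.pack(length, 2, 0, 0, 0, 0, filetime, reason, 0, 0, 0x20,
                      len(raw), HEADER.size)
    return (hdr + raw).ljust(length, b"\0")

# Constructed sample journal: leading sparse zeros, then three records.
SAMPLE = (b"\0" * 16
          + make_record("report.docx.tmp", REASON_FILE_CREATE, 133000000000000000)
          + make_record("notes.txt", REASON_FILE_CREATE, 133000000010000000)
          + make_record("report.docx.tmp", REASON_FILE_DELETE | REASON_CLOSE,
                        133000000020000000))

if __name__ == "__main__":
    for ts, name in find_tmp_creations(SAMPLE):
        print(ts.isoformat(), name)
```

Stripping the suffix from each hit gives the original file name to look for in the same journal and in the MFT.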

Skills / Knowledge

  • Malware