
Digital Forensics

Lecture 9
0011 0010 1010 1101 0001 0100 1011

Binary Analysis

This Week's Presentations

Joshua Prusak: Tools for Binary Analysis
Sage LaTorra: Detection of Malicious Code
Rodrigo Lopes: Reverse Engineering
Chad Cravens: Encrypted Binaries (EC)


Next Week's Presentations

Mayurie Shakamuri: Forensic Certifications
Unnati Thakore: Risk Analysis for Evidence Collection
Jim Curry: Non-IT Parents' Ability to Investigate Their Child's Behavior (EC)
Kelcey Tietjen: EnCase Forensic Toolkit (EC)
Maggie Castillo: Sleuth Kit Forensic Toolkit (EC)
Rodrigo Lopes: Paraben Forensic Toolkit (EC)


News Items (SANS NewsBites)

Data Stolen From 2,300 British Computers Found in The United (11 October 2006)
Microsoft Issues Ten Bulletins on Patch Tuesday (12 & 10 October 2006)
Cyber Thief Steals Data on Brock University Donors (12 October 2006)
More Than Half of Higher Education Institutions Surveyed Had Security Breaches Last Year (10 October 2006)

Lecture Overview

Forensic process (diagram): Legal/Policy, Preparation, Collection, Analysis, Findings/Evidence, Reporting/Action

Motivation
What is Binary Analysis?
Where does it fit in DF?
How is it done?
What are some of the tools?
What are some of the gaps?

Motivation for Binary Analysis

Measure and mitigate potential impacts
Understand and mitigate malicious code
Understand adversarial motivation
Testing of high consequence systems
Interoperability testing
Failure and fault analysis
What else?

Module 1: What is Binary Analysis?

Binary Analysis
Analysis of binary data
Analysis of executables
Can be performed on live or dead systems

Module 2: Where Does Binary Analysis Fit?

Characteristics
This is an expert activity
Expensive for a corporation to maintain
Both an art and a science
Very tool intensive
Becoming more difficult to accomplish

When to Use It?
Triggered by routine observation
Based on a suspicion
Preemptive analysis

Module 3: How It's Done

Binary Analysis
Description of the forensics time-line
Analysis goals
Description of typical analysis techniques

Type of Data to Collect

User Data
Documents, email, images, encrypted files

System Data
Files from OS directory, registry entries, services

Network Data
Network traffic related to the system in question

Execution information (most difficult)
Behavior

Tools

Debuggers
OllyDbg, etc.

Disassemblers
IDA Pro, etc.

Binary editors
Hex Workshop, etc.

Utilities
Libraries, Development, Network, Misc.

OllyDbg

IDA Pro
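Before reaching for a debugger or disassembler, an examiner usually records a static first pass over the executable: what format it is, its hash for the evidence log, and any printable strings that hint at its purpose. The following is an added example written for these notes, not code from the lecture or from any of the tools named above. It identifies ELF and PE images by their magic bytes, decodes a few ELF header fields, extracts printable strings the way the strings(1) utility does, and bundles that into a triage record. The two input blobs are constructed inline (a fake 64-byte ELF64 header with some trailing text, and a fake MZ/PE stub); they are not real programs.

```python
import hashlib
import re
import struct

# Constructed sample (not a real program): a minimal fake ELF64 header, 64 bytes
# long, followed by a few bytes with embedded printable strings.
SAMPLE_ELF = (
    b"\x7fELF"                 # e_ident[0:4]  ELF magic
    + b"\x02"                  # EI_CLASS   2 = 64-bit
    + b"\x01"                  # EI_DATA    1 = little-endian
    + b"\x01"                  # EI_VERSION
    + b"\x00" * 9              # EI_OSABI, EI_ABIVERSION, padding (e_ident is 16 bytes)
    + struct.pack("<H", 2)     # e_type     2 = ET_EXEC
    + struct.pack("<H", 62)    # e_machine 62 = x86-64
    + b"\x00" * 44             # remaining header fields, zeroed
    + b"\x00\x01/bin/sh\x00\x00GET /update HTTP/1.1\x00ab\x00"
)

# Constructed sample: a 64-byte DOS stub whose e_lfanew field (offset 0x3c)
# points at a "PE\0\0" signature placed at offset 0x40.
SAMPLE_PE = b"MZ" + b"\x00" * 58 + struct.pack("<I", 0x40) + b"PE\x00\x00"

ELF_CLASS = {1: "ELF32", 2: "ELF64"}
ELF_DATA = {1: "little", 2: "big"}
ELF_TYPE = {1: "REL", 2: "EXEC", 3: "DYN", 4: "CORE"}
ELF_MACHINE = {3: "x86", 40: "ARM", 62: "x86-64", 183: "AArch64"}


def identify_format(data: bytes) -> str:
    """Classify by magic bytes: ELF, PE (MZ stub whose e_lfanew points at PE\\0\\0), or unknown."""
    if data[:4] == b"\x7fELF":
        return "ELF"
    if data[:2] == b"MZ" and len(data) >= 0x40:
        pe_offset = struct.unpack_from("<I", data, 0x3C)[0]
        if data[pe_offset:pe_offset + 4] == b"PE\x00\x00":
            return "PE"
    return "unknown"


def parse_elf_header(data: bytes) -> dict:
    """Decode the e_ident class/endianness bytes and the e_type/e_machine fields."""
    if identify_format(data) != "ELF" or len(data) < 20:
        raise ValueError("not an ELF image")
    endian = "<" if data[5] == 1 else ">"
    e_type, e_machine = struct.unpack_from(endian + "HH", data, 16)
    return {
        "class": ELF_CLASS.get(data[4], "unknown"),
        "endian": ELF_DATA.get(data[5], "unknown"),
        "type": ELF_TYPE.get(e_type, f"0x{e_type:x}"),
        "machine": ELF_MACHINE.get(e_machine, f"0x{e_machine:x}"),
    }


def extract_strings(data: bytes, min_len: int = 4) -> list:
    """Return runs of printable ASCII at least min_len long, like the strings(1) utility."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def triage(data: bytes) -> dict:
    """Static first-pass record an examiner keeps before any dynamic analysis."""
    report = {
        "sha256": hashlib.sha256(data).hexdigest(),  # identifies the exact evidence item
        "size": len(data),
        "format": identify_format(data),
        "strings": extract_strings(data),
    }
    if report["format"] == "ELF":
        report["elf"] = parse_elf_header(data)
    return report


if __name__ == "__main__":
    for name, blob in (("sample_elf", SAMPLE_ELF), ("sample_pe", SAMPLE_PE)):
        print(name, triage(blob))
```

The hash is computed over the bytes as collected, so the record can later be matched against the imaged evidence; strings are only a hint, since a packed or encrypted binary (the subject of the "Encrypted Binaries" presentation) will show almost none, which is itself worth noting in the report.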

Module 4: Gaps

Gaps
What are the difficult problems?
Technology advancement
System complexity
Legal understanding of this domain
Lack of experts
Lack of communication among corporations

Questions?

After all, you are an investigator
