Lecture 9
0011 0010 1010 1101 0001 0100 1011
Binary Analysis
News Item
Data Stolen From 2,300 British Computers Found in The United (11 October 2006)
Microsoft Issues Ten Bulletins on Patch Tuesday (12 & 10 October 2006)
Cyber Thief Steals Data on Brock University Donors (12 October 2006)
More Than Half of Higher Education Institutions Surveyed had Security Breaches Last Year (10 October 2006)
Source: SANS NewsBites
Lecture Overview
Digital forensics process: Legal/Policy -> Preparation -> Collection -> Analysis -> Findings/Evidence -> Reporting/Action
Motivation
What is Binary Analysis?
Where does it fit in DF?
How is it done?
What are some of the tools?
What are some of the gaps?
Module 1
Binary Analysis
Analysis of binary data
Analysis of executables
Can be performed on live or dead systems
Module 2
Characteristics
Module 3
Binary Analysis
Description of forensics time-line
Analysis goals
Description of typical analysis techniques
System Data
Files from the OS directory, registry entries, services
Network Data
Network traffic related to the system in question
Tools
Debuggers
OllyDbg, etc.
Disassemblers
IDA Pro, etc.
Binary editors
Hex Workshop, etc.
Utilities
Libraries, Development, Network, Misc.
OllyDbg
IDA Pro
Module 4
Gaps
What are the difficult problems?
Technology advancement
System complexity
Questions?