SUMMARY
In this chapter we walked through an attack that was somewhat more sophisticated than the PFE attack discussed earlier in this book. We found that the same investigative techniques apply regardless of the attacker's sophistication level. Building a full picture of the attacker's actions required live analysis, memory analysis, and filesystem analysis used together, since each source revealed evidence the others did not. We were then able to research the installed malware to determine its functionality. In the next chapter, we will discuss how to analyze unknown executables, including how to determine whether an unknown file is actually malware.
CHAPTER