Incident Response and Malware Analysis
An outline of the main areas includes:
Threat Timelining. Network and host traces around key threats, such as DDoS, malware infection and data loss.
Host Investigation Evidence Gathering: Windows, Linux, Android and Mac OS.
System Architectures, Services and Devices. Networked infrastructures (Servers/Firewall/IDS/Syslog).
Network Protocol Analysis. Advanced Network Protocol Analysis, Advanced Trace Analysis, IDS Signature Detection, and Security Threat Network Traces.
Log Capture/Analysis, and Time-lining. Creating large-scale data infrastructure and analysis methods such as Big Data, SIEM and cross-log analysis.
Malware Forensics. Code Analysis, Host/Network Analysis, Reverse Engineering. Mobile/x86 architecture, Machine Code Analysis, Vulnerability Analysis and Sandboxed Analysis.
Malware Analysis. Encoding methods. Static/Dynamic Analysis. Disassembly. Obfuscation. Behaviour Analysis.
Advanced Malware Analysis. Anti-disassembly, anti-debugging, packers and unpackers, malware launching, malware signatures, and shell code analysis.
Data Hiding. Data hiding methods, tunnelling, and disk encryption.
Current Related Research.