Deductive Reasoning: File Analysis Techniques

Presented at BSidesDC 2015, Oct. 17, 2015, 10:30 a.m. (50 minutes).

Are you a new incident responder, or do you want to break into the field? Forgotten in the age of sandboxes, VirusTotal and other large-scale automated tools is the human element. Combining deductive reasoning with simple static file analysis, this session will help you determine whether or not a file could be malicious without debugging or disassembling it.

Come along as we introduce you to the world of malware and some basic tools at everyone’s disposal. You’ll learn about basic concepts and phenotypes of malware, common vectors and why the simplest factors often work. We’ll touch on common locations, time stomping, common registry keys and malware beyond the world of Windows. You’ll learn why tools are great but humans are essential. We’ll show you some common sandbox flaws and add some real stories from the field and lessons learned.


Presenters:

  • John Laycock - Senior Threat Researcher at Fidelis Cybersecurity
    Mr. Laycock has been involved with forensics for over 16 years, starting out in video forensics before moving over to computer forensics for the Department of Defense. He now works on the Threat Research Team for Fidelis Cybersecurity. Mr. Laycock lives in Maryland, where he is a father of 3 children. As a life-long suffering Cubs fan, he keeps hoping that this is the year.
  • Chris Rogers - Senior Threat Researcher at Fidelis Cybersecurity
    Chris has spent 15+ years fighting the fight in Military Intelligence, the State Department, the Pentagon, US-CERT, DC3 and Bank of America before ending up on the Threat Research Team for Fidelis Cybersecurity.
