Cards: 15 cards
Learners: 2 learners
Language: English
Level: University
Created / Updated: 20.06.2019 / 01.07.2020
Licensing: Not specified
0 exact answers, 15 text answers, 0 multiple-choice answers

What meta data can be found in files? (not from filesystem)


  • hidden information (visually redacted text)
  • deleted text / images from office docs
  • user information (who created? who edited?)
  • original file location (directory path)
  • timestamps and location info (GPS)
  • application used to create file
  • device used to record/capture images, sound, or video
  • edit history ("track changes")
  • technical details

What is EXIF data?

EXIF - Exchangeable Image File Format

  • standard metadata format for media files
  • extensible, most common compatible standard
  • many tools to extract info

What is the goal of deeper analysis of executable files?

The goal is to understand exactly what the program is doing (without having the original source code).

What could be gained from a deep analysis of an executable and what could be a problem in doing so?

What could be a problem:

  • obfuscation
    • phishing kits and browser injects may use obfuscated JavaScript

What could be gained:

  • binaries could be malware samples from an attack (identification)
  • all binaries contain some meta information (segments, sections)
  • binaries like malware can be "reverse engineered"

What is static analysis?

Static analysis is when you:

  • analyze binary without execution
  • disassembling (convert machine code to assembly language)
  • decompiling (convert to high level language like C)
  • IDA Pro, OllyDbg are programs that can be used for static analysis

What is dynamic analysis?

Dynamic analysis is when you:

  • analyze binary during execution
  • dangerous, use sandboxes
  • Joebox, Cuckoo are tools that can be used

Why is malware analysis not always done?

Malware analysis is a time consuming task requiring good knowledge of operating systems and how programs are compiled into assembly language.