Security Community Blog

Malware Analysis and Response Step by Step Decision Tree

Created: 17 Sep 2010 • 4 comments
Posted by EfrainO

Malware Analysis Step by Step Decision Tree

In my travels, it has come to my attention that some folks have not taken or had the time to document a checklist or bullet list of actions to perform during an infection or an outbreak. In response I’ve created a decision tree to help as a guide for following a step-by-step process for malware analysis. The site is response.ortizonline.com.

The site basically contains a mindmap created using Freeplane that steps the user through the process of analyzing a machine for malware. It provides links to Symantec, third-party, fee-based and open-source tools. The majority of the information has been compiled from NIST SP800-83 and public Symantec KB articles. I hope this is something that community members find useful and can provide feedback on to improve.

Please provide any feedback and I'll be happy to update the decision tree.


Below is a sample of the decision tree.


Cheers,

Netrunner


1. Suspect Worm

Comments (4)

BlackFog

Maybe I missed something here, but point 1.1.2.2.2 references step 1.1.6, while 1.1.5 seems to be the last one here.

0

BlackFog

Sorry, I missed the "this is a sample" part. But why not full version?

-4

EfrainO

Uploaded to malwareid.com


I've gone ahead and created a website with the latest decision tree. It is an ongoing labor of love.


Let me know if you have any suggestions to add content to it.


Cheers,


Efrain

-2

Haridass shanthakumar

Logical... Advanced... awesome...

+4