From the course: CompTIA CySA+ (CS0-002) Cert Prep: 5 Security Operations and Monitoring


Executable analysis

- [Instructor] In our work as security analysts, we often come across files that we find suspicious. These may be files that are known malware, or they might be novel exploits that we are discovering for the first time. Executable analysis provides us with a way to dig into the contents of an executable file and attempt to discern its purpose. Executable analysis techniques come in two categories: static analysis and dynamic analysis. Static analysis techniques do not execute the file. They simply analyze it as is, looking for signs that the file might be malicious. Dynamic analysis techniques actually execute the file. We've already spoken about the use of sandboxing as a dynamic analysis technique, where we place the file on a quarantined, safe system and execute it there, observing its activity after execution. So let's dig into a couple of static analysis techniques. The first thing that we should do when we have a…
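As an added illustration of the static analysis the instructor describes (not code from the course), the script below triages a file without ever executing it: it hashes the bytes, identifies the container format from its magic bytes, and pulls out printable strings, flagging ones that warrant a closer look. The sample byte blob and the indicator list are constructed for this example.

```python
import hashlib
import re

# Magic bytes for the two most common executable containers (constructed lookup).
MAGIC = {b"MZ": "PE (Windows)", b"\x7fELF": "ELF (Linux/Unix)"}

# Constructed sample: a fake PE-like blob with embedded strings, not a real binary.
SAMPLE = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"kernel32.dll\x00CreateRemoteThread\x00"
    + b"http://example.invalid/update.bin\x00"
    + b"\x01\x02\x03" + b"Hello\x00"
)

# Strings that commonly justify a second look during triage (illustrative, not exhaustive).
SUSPICIOUS = ("CreateRemoteThread", "VirtualAllocEx", "WriteProcessMemory", "http://", "https://")


def detect_format(data: bytes) -> str:
    """Identify the container format from its leading magic bytes."""
    for magic, name in MAGIC.items():
        if data.startswith(magic):
            return name
    return "unknown"


def extract_strings(data: bytes, min_len: int = 5) -> list:
    """Same idea as the `strings` utility: runs of printable ASCII of at least min_len."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def static_triage(data: bytes) -> dict:
    """Static analysis only: hash, format, strings, flagged indicators. The file is never run."""
    strings = extract_strings(data)
    flagged = [s for s in strings if any(ind in s for ind in SUSPICIOUS)]
    return {
        "sha256": hashlib.sha256(data).hexdigest(),
        "format": detect_format(data),
        "strings": strings,
        "flagged": flagged,
    }


if __name__ == "__main__":
    for key, value in static_triage(SAMPLE).items():
        print(key, value)
```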