Hello, I am new to the forum so I am sure my question has been asked more than once, however I cannot think of a good way to search for my topic. If you can point me in the right direction of the answer I would be much appreciated. I have been tasked to write up a procedure for when Malware has been detected. I have been reading a few different books such as, Malware Forensics Investigating and Analyzing Malicious Code, Computer Forensics, and Malware Analyst’s Cookbook, admittedly I have not read each one cover to cover yet, but I am working on it. These books have a great information on how analyze a system and analyze the malware discovered, but they lack a good starting point. What I mean by that is, when Malware/Virus/Etc is detected and then cleaned by the anti-virus program (Kaspersky, Malwarebytes, Norton,..) are there any other steps needed? Should I start a full forensic analysis on a virus alert or can I be safe in knowing that my AV has already found the malware and cleaned it from the system? I am starting to believe that perhaps not every alert dictates a full forensic analysis starting from live data capture to re-imaging the machine, which is the process I have currently written. Any advice would be really appreciated it. Thank you for your time.
