Malware Advice


dpark

Hello,
I am new to the forum, so I am sure my question has been asked more than once; however, I cannot think of a good way to search for my topic. If you can point me in the right direction of the answer, I would much appreciate it.

I have been tasked to write up a procedure for when Malware has been detected. I have been reading a few different books such as Malware Forensics: Investigating and Analyzing Malicious Code, Computer Forensics, and Malware Analyst's Cookbook. Admittedly I have not read each one cover to cover yet, but I am working on it. These books have great information on how to analyze a system and analyze the malware discovered, but they lack a good starting point.

What I mean by that is, when Malware/Virus/Etc. is detected and then cleaned by the anti-virus program (Kaspersky, Malwarebytes, Norton, ...), are there any other steps needed? Should I start a full forensic analysis on a virus alert, or can I be safe in knowing that my AV has already found the malware and cleaned it from the system? I am starting to believe that perhaps not every alert dictates a full forensic analysis starting from live data capture to re-imaging the machine, which is the process I have currently written. Any advice would be really appreciated.

Thank you for your time.


dpark:

I don't think this is the proper venue. The volunteers and Malwarebytes' employees who come here are actively assisting those who are infected. They aren't here to discuss policy or actions taken.

You write...
"I have been tasked to write up a procedure for when Malware has been detected."

Usually when one is "tasked" it is by those that employ them. Thus we then are in the mode of formulating company or corporate policy.

When it comes to company or corporate policy there is much at stake, from a competitive edge to corporate earnings. I always talk about data stealers and "Why recreate the wheel when you can steal the plans". Thus one has to protect corporate data, interests, employees' PII, earnings, market share, yada, yada...

Prevention is better than cure, and if a corporate PC is infected, take draconian action. Wipe the PC and reinstall the OS from a Ghost image.

CAVEAT:

To home users who are retail product consumers and who are the actual posters requesting assistance in this Sub-Forum: the advice above is not for home and retail users. They can use a Cost Benefit Analysis (CBA), and one can come to the conclusion that a PC can be cleaned successfully. They may also decide to wipe and reinstall. That may be swatting a fly with a sledgehammer and not needed. This is different from the corporate environment simply because there is more at stake and they can be selectively targeted by Spear Phishing and other ploys based upon the target's business model, using malware the home user may never even see because it is a "targeted attack". Targeted attacks on the home user are rare (albeit if one puts themselves into a particular situation they may be the target; an example may be someone like Brian Krebs).

Please note that since this Sub-Forum is for assisting the infected consumer and not for discussing company/corporate malware policy, this topic is Off Topic and may get locked or moved at the Forum Administrator's discretion.
