Running and analyzing malware using VMware and virtual machines involves the following steps:
Start with a clean snapshot with no malware running on it.
Transfer the malware to the virtual machine.
Conduct your analysis on the virtual machine.
Take your notes, screenshots, and data from the virtual machine and transfer them to the physical machine. Remember that anything you pull out of the virtual machine came from an infected system, so treat those files as untrusted on the host.
Revert the virtual machine to the clean snapshot.
As new malware analysis tools are released and existing tools are updated, you will need to update your clean base image. Simply install the tools and updates, and then take a new, clean snapshot.
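The five-step workflow above, plus the snapshot refresh described in the preceding paragraph, can be driven from the host with VMware's vmrun command-line tool. The script below is an added example and is not code from the book; the .vmx path, the snapshot name "clean", the guest account, the guest drop folder, and the host results directory are all assumptions that you would replace with your own values.

```shell
#!/bin/sh
# Added example, not from the book: drives the clean-snapshot workflow with
# VMware's vmrun command-line tool. The .vmx path, the snapshot name "clean",
# the guest account, and the guest drop folder are all assumptions; adjust them.
set -u

VMRUN_TYPE="${VMRUN_TYPE:-ws}"                        # "ws" for Workstation, "fusion" on macOS
VMX="${VMX:-$HOME/vmware/analysis/analysis.vmx}"      # hypothetical analysis VM
SNAPSHOT="${SNAPSHOT:-clean}"                         # name of the known-clean snapshot
GUEST_USER="${GUEST_USER:-analyst}"                   # hypothetical guest account
GUEST_PASS="${GUEST_PASS:-changeme}"
GUEST_DIR="${GUEST_DIR:-C:\\malware}"                 # where samples land inside the guest
RESULTS_DIR="${RESULTS_DIR:-$HOME/analysis-results}"  # host-side notes, screenshots, dumps

vm()  { vmrun -T "$VMRUN_TYPE" "$@"; }                                      # host-only operations
vmg() { vmrun -T "$VMRUN_TYPE" -gu "$GUEST_USER" -gp "$GUEST_PASS" "$@"; }  # operations that log in to the guest

hash_file() {  # SHA-256 of a host file, with whichever tool is installed
    if command -v sha256sum >/dev/null 2>&1; then sha256sum "$1" | cut -d' ' -f1
    else shasum -a 256 "$1" | cut -d' ' -f1; fi
}

# Step 1: refuse to run unless the clean snapshot exists, then revert to it and boot.
has_clean_snapshot() { vm listSnapshots "$VMX" | grep -qx "$SNAPSHOT"; }

start_clean() {
    has_clean_snapshot || { echo "snapshot '$SNAPSHOT' not found in $VMX" >&2; return 1; }
    vm revertToSnapshot "$VMX" "$SNAPSHOT" && vm start "$VMX"
}

# Step 2: copy the sample in. Record its hash first so the notes identify
# exactly what was run; the copy is strictly one-way (host -> guest).
transfer_sample() {
    sample="$1"
    mkdir -p "$RESULTS_DIR"
    hash_file "$sample" > "$RESULTS_DIR/$(basename "$sample").sha256"
    vmg copyFileFromHostToGuest "$VMX" "$sample" "$GUEST_DIR\\$(basename "$sample")"
}

# Step 3 (the analysis itself) happens interactively inside the guest.

# Step 4: pull notes, screenshots and captured data back to the host.
# Treat them as untrusted: they came from an infected machine.
collect_result() {
    guest_path="$1"; name="$2"
    mkdir -p "$RESULTS_DIR"
    vmg copyFileFromGuestToHost "$VMX" "$guest_path" "$RESULTS_DIR/$name"
}

# Step 5: power off and discard every change the malware made.
revert_clean() {
    vm stop "$VMX" hard
    vm revertToSnapshot "$VMX" "$SNAPSHOT"
}

# Maintenance: after installing or updating tools in the guest, take a new
# clean snapshot and use it from now on.
refresh_clean_snapshot() {
    new="${1:-$SNAPSHOT-$(date +%Y%m%d)}"
    vm snapshot "$VMX" "$new" && SNAPSHOT="$new"
}

# Usage: ./analyze.sh /path/to/sample.exe   (then collect_result / revert_clean when done)
if [ "${1:-}" != "" ] && [ -f "$1" ]; then
    start_clean && transfer_sample "$1"
fi
```

The script never copies anything from the guest except what you explicitly name in collect_result, and start_clean fails closed if the clean snapshot is missing rather than running the sample on whatever state the virtual machine happens to be in.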
To analyze malware, you usually need to run the malware to observe its behavior. When running malware, you must be careful not to infect your computer or networks. VMware allows you to run malware in a safe, controllable environment, and its snapshot feature lets you discard every change the malware made once you have finished analyzing it.
Throughout this book, when we discuss running malware, we assume that you are running the malware within a virtual machine.