(3) File Analysis And Sandboxing Flashcards
What makes it difficult to analyze files for malicious content and activity?
Tools that attackers use often obfuscate bad content through packing and encryption, which makes it difficult to analyze files without taking additional action.
Describe how hashing can be used in file analysis
Hashing can be used to compare possibly malicious or suspect files against original, known-good files. Tools such as Tripwire, or the SHA-256 and MD5 hashing tools available in Linux or in PowerShell on Windows, can be used to compare hashes.
Describe how manually searching for strings can help with file analysis
Searching files for strings can be useful, since readable text is often recoverable from binary files.
This can be helpful when you want to look at a compiled program, such as an executable, to determine what it may do.
What does the Linux strings command do?
The Linux strings command searches through a file and shows the printable strings it finds in a readable list.
When it comes to determining or discovering malicious activity, describe what sandboxes are
Sandboxes create a safe, controlled environment where you can run a suspect file or application to figure out what it tries to do and how it does it.
What is the Joe Sandbox service?
Joe Sandbox is a commercial sandbox service that also offers a free option, which can be used to test many different scenarios, files, and parameters.
Describe the Cuckoo Sandbox tool
Cuckoo Sandbox is an automated malware analysis tool that can be run as a self-hosted tool.
It can analyze PDFs, Microsoft Office documents, other file types, and malicious websites.