Network Activity

In addition to monitoring the activity on the infected host system, monitoring the live network traffic to and from the system during the course of running our suspect program is also important. Monitoring and capturing the network serves a number of investigative purposes. First, the collected traffic helps to identify the network capabilities of the specimen. For instance, if the specimen calls out for a Web server, the specimen relies upon network connectivity to some degree, and perhaps more importantly, the program's interaction with the Web server may potentially relate to the program's vector of attack, additional malicious payloads, or a command and control structure associated with the program.

Aquilina, in Malware Forensics, 2008
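As an added illustration of the analysis this kind of monitoring enables (example code written for this page, not from Aquilina's book or the blog): a small Python script that takes constructed event lines from an isolated lab run (the line format, hostnames and addresses are made up for illustration) and derives the specimen's observed network capabilities, flagging an executable fetched from the Web server and a regularly repeated check-in that suggests a command and control pattern.

```python
import re
from collections import defaultdict

# Constructed sample: network events recorded while a specimen ran in an
# isolated lab. Fields: seconds since start, protocol, destination, detail.
# These lines are invented for illustration, not a real capture.
SAMPLE_EVENTS = """\
0.8 DNS - updates.example-cdn.test
1.1 HTTP 203.0.113.10:80 GET /files/loader.exe Host: updates.example-cdn.test
30.2 HTTP 203.0.113.10:80 POST /gate.php Host: updates.example-cdn.test
60.1 HTTP 203.0.113.10:80 POST /gate.php Host: updates.example-cdn.test
90.3 HTTP 203.0.113.10:80 POST /gate.php Host: updates.example-cdn.test
91.0 SMTP 198.51.100.7:25 EHLO
"""

PAYLOAD_EXT = re.compile(r"\.(exe|dll|scr|bin)$", re.I)

def parse_events(text):
    """Split each event line into (timestamp, protocol, destination, detail)."""
    events = []
    for line in text.splitlines():
        ts, proto, dst, *rest = line.split()
        events.append((float(ts), proto, dst, " ".join(rest)))
    return events

def summarize(text):
    """Derive the specimen's observed network capabilities from captured events."""
    events = parse_events(text)
    caps = {
        "protocols": sorted({e[1] for e in events}),
        "destinations": sorted({e[2] for e in events if e[2] != "-"}),
        "payload_downloads": [],   # GETs of executable-looking paths
        "possible_beacons": [],    # (target, mean interval in seconds)
    }
    posts = defaultdict(list)
    for ts, proto, dst, detail in events:
        if proto == "HTTP":
            method, path = detail.split()[:2]
            if method == "GET" and PAYLOAD_EXT.search(path):
                caps["payload_downloads"].append(dst + path)
            elif method == "POST":
                posts[dst + path].append(ts)
    for target, times in posts.items():
        gaps = [b - a for a, b in zip(times, times[1:])]
        # Repeated POSTs to one path at a near-constant interval look like C2 check-ins.
        if len(gaps) >= 2 and max(gaps) - min(gaps) < 5:
            caps["possible_beacons"].append((target, round(sum(gaps) / len(gaps))))
    return caps
```

Running `summarize(SAMPLE_EVENTS)` yields the protocol list, the contacted destinations, the fetched executable and the 30-second check-in, which is the "network capabilities of the specimen" view the passage describes.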