Software Engineering Institute | Carnegie Mellon University


White Paper

The Use of Malware Analysis in Support of Law Enforcement

  • July 2007
  • By Ross Kinder
  • In this paper, Ross Kinder discusses how malware analysis supports the efforts of those pursuing adversaries employing malicious code in their tradecraft.
  • Malware Analysis
  • Publisher: Software Engineering Institute
  • Abstract

    One of the fundamental challenges to internet security is the use of technology to attack computer systems and steal the assets they contain. These assets include data (proprietary, intellectual, financial, personal, and classified) and resources (bandwidth, computing power, and storage space). Once compromised, these assets are commonly used by the attackers for financial gain or to carry out additional attacks on other systems to further the criminal enterprise. One common method of attack on computer systems involves the use of malicious software, or "malware." The CERT Coordination Center performs malware analysis in order to understand how technology fails and can thus be improved, to identify how assets are targeted and how they can be better protected, and to identify evidence that may be useful in pursuing attribution of adversaries. In this paper, we discuss how malware analysis supports the efforts of those pursuing adversaries employing malicious code in their tradecraft. We provide examples of the types of insights that can be made by examining artifacts of a computer intrusion (such as malicious code). We also discuss how those insights can become clues law enforcement officials can use to further an investigation.
