DriverPack – Clean PDB paths

July 2, 2022 in Archaeology, File Formats ZOO, Forensic Analysis

Unique PDB debug paths embedded inside malware are useful for detecting other variants of the same malware family (not applicable to more advanced malware families where authors either wipe the paths […]
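As an added illustration of the technique the excerpt refers to (this is example code written for this page, not code from the blog or its author), the script below scans a raw file image for CodeView "RSDS" records, the structure a PE debug directory points at to reference a PDB 7.0 file, and derives two things from each hit: the GUID+Age symbol-server key and a normalised directory key suitable for grouping variants. It deliberately scans for the magic instead of walking the PE debug directory, so it also works on damaged or non-PE carriers, at the cost of having to validate every hit. The sample bytes are constructed inline and include the "wiped path" case the excerpt mentions, which is reported rather than silently dropped.

```python
import re
import struct
import uuid

# CodeView PDB 7.0 reference as found via IMAGE_DEBUG_TYPE_CODEVIEW:
#   "RSDS" | GUID (16 bytes, little-endian fields) | Age (uint32 LE) | PDB path (NUL-terminated)
RSDS_RE = re.compile(rb"RSDS")
RSDS_HEADER_LEN = 4 + 16 + 4


def parse_rsds_records(blob: bytes) -> list[dict]:
    """Scan a raw file image for RSDS records and return the ones that parse cleanly.

    Matching the magic alone can hit unrelated data, so a candidate is only
    reported when its header fits in the buffer, its path is NUL-terminated and
    the path decodes to printable ASCII.
    """
    records = []
    for match in RSDS_RE.finditer(blob):
        off = match.start()
        if off + RSDS_HEADER_LEN > len(blob):
            continue  # truncated header
        guid_le = blob[off + 4:off + 20]
        (age,) = struct.unpack_from("<I", blob, off + 20)
        end = blob.find(b"\x00", off + RSDS_HEADER_LEN)
        if end == -1:
            continue  # no terminator: not a real record
        raw_path = blob[off + RSDS_HEADER_LEN:end]
        try:
            path = raw_path.decode("utf-8")
        except UnicodeDecodeError:
            continue  # binary junk after a coincidental "RSDS"
        if any(ord(c) < 0x20 or ord(c) > 0x7E for c in path):
            continue  # real PDB paths are printable ASCII
        guid = uuid.UUID(bytes_le=guid_le)
        records.append({
            "offset": off,
            "guid": str(guid),
            "age": age,
            "path": path,
            # Symbol-server lookup key: upper-case GUID hex followed by Age in hex.
            "symbol_key": guid.hex.upper() + format(age, "X"),
            # An empty path is the "wiped" case: the record exists, the hint is gone.
            "wiped": path == "",
        })
    return records


def cluster_key(pdb_path: str) -> str:
    """Normalise a PDB path into a key for grouping builds of one family.

    The directory part (user name, project folder, build configuration) tends to
    survive across builds, while the file name, GUID and Age change with every
    compile, so the key keeps only the lower-cased directory with unified separators.
    """
    normalised = pdb_path.replace("/", "\\").lower()
    directory, _, _ = normalised.rpartition("\\")
    return directory


# Constructed sample image (not a real binary): filler, one proper record,
# one record whose path was wiped, and one false-positive "RSDS" followed by junk.
_GUID = uuid.UUID("12345678-1234-5678-1234-567812345678")
SAMPLE_IMAGE = (
    b"MZ" + b"\x00" * 30
    + b"RSDS" + _GUID.bytes_le + struct.pack("<I", 1)
    + b"C:\\Users\\dev\\Projects\\Evil\\Release\\evil.pdb\x00"
    + b"\x90" * 8
    + b"RSDS" + _GUID.bytes_le + struct.pack("<I", 2) + b"\x00"
    + b"\x90" * 8
    + b"RSDS" + b"\xff" * 16 + struct.pack("<I", 7) + b"\xff\xfe\x80\x00"
)

if __name__ == "__main__":
    for rec in parse_rsds_records(SAMPLE_IMAGE):
        key = "wiped" if rec["wiped"] else cluster_key(rec["path"])
        print(f"{rec['offset']:#06x} {rec['symbol_key']} {rec['path']!r} -> {key}")
```

Run against a directory of samples, the `cluster_key` values are what you would pivot on; the `symbol_key` is only useful for exact-build matching (and for checking whether a public symbol server knows the PDB, which a clean commercial build often has and a malware build never does).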

Not installing the installers, part 2

May 22, 2022 in Archaeology, Batch Analysis, Clustering, EDR, Forensic Analysis, GoodWare, Sandboxing

In the last post I described how we can pull some interesting metadata from decompiled installers. Today I want to discuss one practical example of how this data can enrich […]