A Malware Convergence at jIIr

Tuesday, December 25, 2012 Posted by Corey Harrell
I normally wait until my blog’s anniversary to post about the direction I want to take in the upcoming year. However, there has been a perfect storm brewing over at jIIr and the eye of the storm would have passed if I waited until my anniversary. As the New Year approaches I’m looking ahead to see the direction this blog will take. jIIr has always been a platform for me to share my thoughts and research, and this will not change. In the upcoming year I foresee some changes to the content I post due to the perfect storm that is occurring. The storm I keep referring to is the convergence of different areas in my life revolving around malware. In the upcoming year I’ll be involved in: authoring a Malware Forensic book, developing a Malware Analysis course, and taking on additional malware responsibilities with my employer.

People and organizations from all walks of life are combating malware on a daily basis. The majority of the defensive security controls are ineffective at stopping the malware since attackers are bypassing them with ease. Throwing additional security controls at the issue is not the answer. What needs to be improved is the response to the malware issue, where the systems impacted are actually examined. Examining systems is one way to obtain intelligence that could be used to improve security. The question then becomes what resources are available to those wanting to take the step to start examining malware infected systems. Do those resources outline not only the process to follow but also the tools to use, the artifacts to look for and their meaning, and provide sample data to practice on? Well, I have not been able to locate a resource to my liking addressing malware examinations. So I decided to create one, and what I just described is a glimpse of the book I'm starting at some point next year.

My book is on hold because my current focus is on another endeavor. I am developing the Malware Analysis course for Champlain College's Master of Science in Digital Forensic Science program. The course will cover a range of topics from malware fundamentals to memory forensics to malware forensics to malware analysis (reversing). It is an honor to be a part of Champlain College and I'm looking forward to doing everything I can to put together a great course for an outstanding program.

Lastly, I am starting to take on additional malware responsibilities with my employer. jIIr has always been a personal blog and I never discuss the work I do for my employer. I will continue to keep this boundary, so I won't elaborate on what my responsibilities are beyond hinting at the fact that malware will take up more of my time at my job.

This malware convergence means I will be living and breathing malware every day, all day, for the upcoming year. The little personal time I may have for research is going to be spent on different aspects of the malware issue. As a result, jIIr is going to be more focused on topics related to malware. I will try my best to mix in other content about DFIR or security, but to be honest I don't know if I will have the time. The perfect storm has arrived and I hope you stick around to ride it out.

Merry Christmas and Happy New Year.

  1. Corey,

    Congrats on the course development. I, for one, am looking forward to all manner of great things to come from your blog and your efforts in 2013.

  2. Corey,

    I think that this direction for jIIr is going to be very beneficial to a lot of folks, particularly if you post/share your checklists. I know that there are a number of folks out there who want checklists (although few are willing to share the ones they currently use...).

  3. Harlan,

    Thanks for the kind words. As you know, I am a champion for maintaining checklists. They make things easier since we can't remember everything, and they provide us with a detailed documented process to follow. My personal checklist is over 100 pages and covers performing analysis on packet captures, Windows, and Linux (log analysis is in the works). I plan on incorporating a significant portion of it for the checklists I'm providing with the course and book. Plus, I'm building scripts that automate most of my checklist. As for jIIr, I'm still thinking about the best way to convey the information in blog format since the checklist is just a reflection of the process I use.

  4. Anonymous

    Be sure I'll buy your book and read it with great interest.... Thanks

  5. It will be great to follow your "new" direction! (ignoring the fact that I would follow your blog even if it was about cookie recipes ;))