| Activity | Observed Results |
|---|---|
| Load specimen onto victim machine | |
| Run antivirus program | |
| Research antivirus results and file names | |
| Conduct strings analysis | |
| Look for scripts | |
| Conduct binary analysis | |
| Disassemble code | |
| Reverse-compile code | |
| Monitor file changes | |
| Monitor file integrity | |
| Monitor process activity | |
| Monitor local network activity | |
| Scan for open ports remotely | |
| Scan for vulnerabilities remotely | |
| Sniff network activity | |
| Check promiscuous mode locally | |
| Check promiscuous mode remotely | |
| Monitor registry activity | |
| Run code with debugger | |
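As an added example (not part of the original worksheet), the following Python script covers two of the checklist steps in a way you can run offline: the "Conduct strings analysis" step, implemented as a minimal `strings`-style extractor that recovers both ASCII and UTF-16LE strings, and the "Monitor file changes" / "Monitor file integrity" steps, implemented as a SHA-256 baseline of a directory taken before the specimen runs and diffed against a second snapshot afterwards. The specimen bytes, file names and the C2 hostname are constructed for the example; nothing is executed, the "run" of the specimen is simulated by writing a dropped file and altering an existing one.

```python
import hashlib
import re
import tempfile
from pathlib import Path

# Constructed stand-in for a real specimen: an ASCII API name, a UTF-16LE
# command line (Windows binaries often carry wide strings), a run shorter
# than min_len that must be ignored, and a hypothetical C2 URL.
SAMPLE_SPECIMEN = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"CreateRemoteThread\x00\x00"
    + "cmd.exe /c whoami".encode("utf-16-le") + b"\x00\x00"
    + b"\x01\x02\x03ab\x04"
    + b"http://c2.example.invalid/x\x00"
)


def extract_strings(data: bytes, min_len: int = 4) -> list[str]:
    """Return printable ASCII and UTF-16LE strings of at least min_len
    characters, ordered by offset (the job of `strings -a` and `strings -el`)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    found = []
    for m in ascii_re.finditer(data):
        found.append((m.start(), m.group().decode("ascii")))
    for m in wide_re.finditer(data):
        found.append((m.start(), m.group().decode("utf-16-le")))
    return [s for _, s in sorted(found)]


def snapshot(root: Path) -> dict[str, str]:
    """Map every regular file under root (POSIX-style relative path) to its SHA-256."""
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            result[path.relative_to(root).as_posix()] = digest
    return result


def diff_snapshots(before: dict[str, str], after: dict[str, str]) -> dict[str, list[str]]:
    """Classify the delta between two snapshots as added, removed or modified files."""
    return {
        "added": sorted(set(after) - set(before)),
        "removed": sorted(set(before) - set(after)),
        "modified": sorted(p for p in before.keys() & after.keys() if before[p] != after[p]),
    }


def demo_file_monitoring() -> dict[str, list[str]]:
    """Baseline a scratch directory, simulate the specimen's side effects
    (a dropped file and a patched hosts file), and report what changed.
    Directory layout and file names are constructed for this example."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "system32").mkdir()
        (root / "system32" / "hosts").write_text("127.0.0.1 localhost\n")
        (root / "readme.txt").write_text("clean baseline\n")
        before = snapshot(root)
        # The specimen would be executed here; its effects are simulated instead.
        (root / "system32" / "hosts").write_text(
            "127.0.0.1 localhost\n0.0.0.0 update.example.invalid\n"
        )
        (root / "svchost_dropped.exe").write_bytes(SAMPLE_SPECIMEN)
        after = snapshot(root)
        return diff_snapshots(before, after)


if __name__ == "__main__":
    for s in extract_strings(SAMPLE_SPECIMEN):
        print("string:", s)
    print("file delta:", demo_file_monitoring())
```

On a real victim machine you would take the baseline snapshot of the whole filesystem of interest before loading the specimen, run it, snapshot again, and paste the delta into the Observed Results column; the wide-string pass matters because API names, command lines and URLs in Windows samples are frequently stored as UTF-16 and are invisible to an ASCII-only `strings`.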