Malware Detection Checklist
The following is a sample checklist that you can use as part of your malware detection process. All of the tasks listed in this checklist are taken from chapter 6, “Malware Detection”, of Windows Forensic Analysis 3/e. Please feel free to use this checklist, or modify it to suite your needs.
The following is a sample checklist that you can use as part of your malware detection process. All of the tasks listed in this checklist are taken from chapter 6, “Malware Detection”, of Windows Forensic Analysis 3/e. Please feel free to use this checklist, or modify it to suite your needs.
| Task | Findings/Notes | |
| Check for installed AV | ||
| Review available Logs (MRT, Defender, McAfee, Application Event Logs, etc.) | ||
| Scan mounted image with AV | ||
| Scan for packed files | ||
| Digital Signatures (Sigcheck.exe) | ||
| WFP Check (wfpchck.pl) | ||
| ADS check (lads.exe) | ||
| PE file “compile time check” | ||
| MBR check (mbr.pl) | ||
| Registry Analysis – autostart & artifact locations, modifications to firewall settings, etc. (RegRipper) | ||
| Registry Analysis – System hive, enum\Root\Legacy_* subkeys (RegRipper) | ||
| Check for web activity/history in LocalService/Default User profiles | ||
| Check System Event Log; Event ID 7035 with user SID | ||
| Check Scheduled Tasks, Scheduled Task Log (SchedLgU.txt) | ||
| User %Temp% dir: PE files, with .exe or .tmp extensions; Java .jar files/JavaFX key, updates to jusched.log, etc.) | ||
| MFT checks (mft.pl) |
發表文章
0 意見: