Reverse Look


What’s Your Analysis Process Pt. 1

It’s often very difficult for new analysts to lock down consistent workflows or processes when approaching analysis. I’m convinced that starting from any foundation, no matter how mature, will put you in a better position to tackle future obstacles.

While the concept of a good workflow can be applied to several different flavors of analysis, I’m going to start with my process for malware analysis. This is something I struggled with initially and still grapple with to this day. I attribute this to every sample being different, and to the instinct to try to develop a guide for every unique scenario, which is silly.

That being said, how do you begin and start progressing toward something that works? JUST START 🙂

I honestly don’t think there is one correct way to answer this question. Regardless of your learning style, taking the time to develop a flow can help you along the way as you discover more efficient ways of doing things.

Here are some considerations before getting started…

  • Do some research and see how other seasoned malware analysts are doing it

  • Determine a mechanism for cataloging and searching the samples you’ve analyzed

  • Compile a list of resources (e.g. malware repositories, news feeds, community forums, etc.)

  • Think about the questions you want to answer about any given sample

  • Gauge what the final product will be (if you intend to have one) and whether you plan to share your work

In Blog Post Two, What's Your Analysis Process Pt. 2, I’ll share the method I use, the resources I've collected, and a workflow that might help you out.
