Home
Topics
IT security
Data breach incident management and recovery
Royal Holloway 2012: An incident response process for armoured malware

Feature

Royal Holloway 2012: An incident response process for armoured malware

SearchSecurity.co.UK Staff

2012 Royal Holloway thesis series Makers of today’s malware go to great lengths to disguise their code and cover its tracks, often making it virtually impossible for even the most determined investigator to trace the true course of events.

For his MSc thesis at Royal Holloway University of London (RHUL), Steve Hendrikse, under the supervision of course director John Austen, set out to explore how formal incident response processes need to change in the light of this increasingly complex or 'armoured' malware.

In an article (.pdf) published here on SearchSecurity.co.UK, Hendrikse outlines the elements of a good incident response process, and then explains the various techniques malware developers use to disguise their code and prevent it from being analysed.

Read the article

Download the article on malware armouring (.pdf) by Steve Hendrikse.

Read the full thesis (.pdf).

Hendrikse concludes that the time and effort involved in conducting this analysis may not be worthwhile, especially since there is growing pressure on companies to have their systems up and running as soon as possible.

This article is essential reading for anyone involved in either designing an incident response process or in forensic investigations of malware infections.

This feature is one of six that SearchSecurity.co.UK is publishing this year in collaboration with RHUL.

Email Alerts

Register now to receive ComputerWeekly.com IT-related news, guides and more, delivered to your inbox.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Read More

This was first published in June 2012

COMMENTS powered by Disqus // Commenting policy

More from Related TechTarget Sites

CIO
Security
Networking
Data Center
Data Management

CIO
- Business and social network apps belong together: Will they ever meet?
  
  Social and business apps need to merge. But does anyone know how that's going to happen?
- Learning native tongue of your business is key to reviving role of IT
  
  If CIOs are to remain relevant and strategic, they need to teach their IT teams the lingua franca of business.
- It's time to rebrand enterprise IT expertise
  
  As businesses go digital, technology expertise is needed more than ever. The question is how to do that in a way that doesn't alienate the business.
Security
- RSA Silver Tail improves online fraud detection, enterprise security
  
  Fraud prevention for the Web: RSA Silver Tail sets stage for enterprise-level security with big data and brand new interface.
- Users may remain vulnerable despite Oracle Java patch release
  
  Oracle has issued a new security patch for Java, but only 7% deployed the patch before it.
- Gary McGraw: NSA data collection programs demand discussion, scrutiny
  
  Opinion: Gary McGraw details the various and sundry NSA data collection programs and explains why all its efforts demand new discussion and scrutiny.
Networking
- Will bring your own device security make you sacrifice convenience?
  
  Employee-owned devices can seriously undermine security. But bring your own device is probably here to stay. So what should IT do?
- Marble Security's cloud-based mobile security service augments MDM
  
  Marble Security released its new cloud-based mobile security service that can work with MDM tools for protection of employee-owned mobile devices.
- New VMS feature enables big spines of Mellanox Ethernet ToR switches
  
  A new Layer 3-based Virtual Modular Switch feature on top-of-rack Ethernet switches from Mellanox enables large clusters for leaf-spine architecture.
Data Center
- Battery monitoring service prevents outages, extends battery life
  
  The latest backup battery monitoring services can prevent outages and extend battery life. Plus, they take power monitoring off IT's task list.
- Red Hat Open Hybrid Cloud aids private, public cloud management
  
  Hardware, virtualization, public and private cloud are all converging and need to be managed as one environment. Enter Red Hat's Open Hybrid Cloud.
- Mainframe modernization takes on urgency
  
  A Red Hat Summit talk on database and mainframe modernization highlights urgency, need for agility in enterprise development teams.
Data Management
- Events report: Information Builders Summit 2013, graph databases and more
  
  SearchDataManagement editors discuss the Information Builders user conference and two other events; topics include graph databases and 'data artists.'
- From 4GLs to HTML5 desktop apps: Bringing data to the masses
  
  Advocating wider access to data, speakers at the Information Builders Summit 2013 traced a journey from 4GL tools to HTML5 desktop apps and beyond.
- Enterprise data quality efforts in good company with MDM, governance
  
  Combining data quality initiatives with master data management and data governance programs can help ensure that data remains accurate and consistent.

All Rights Reserved,Copyright 2000 - 2013, TechTarget