Theory, practice and a construction manual for an automated analysis station for malware using trivial and free instruments.
October 14th, 2009
You can download the full document in PDF format.
This paper outlines the relevant steps for building a customizable automated malware analysis station
using only freely available components, with the exception of the target OS (Windows XP) itself.
A further special focus lies on handling a huge number of malware samples and on the actual implementation
at CERT.at. The primary goal is that the reader of this paper should be able to build her own specific
installation and configuration while remaining free to decide which components to use.
The first part of this document covers all the theoretical, strategic and methodological aspects.
The second part focuses on the practical aspects by diving into CERT.at's automated malware analysis
station, closing with an easy-to-follow step-by-step tutorial on how to build CERT.at's implementation
for your own use. So feel free to skip parts.