Phases of virus and malware analysis include:
Sample collection – CyVectors can receive malware and virus artifacts via an upload link provided at the start of the client engagement. Any virus or malware found during black hat pen testing or email forensics investigations will automatically be analyzed by CyVectors and submitted to the FBI’s InfraGard database.
Basic static analysis – Your malware sample is analyzed for traits around file type, file size, checksums, etc. These findings are included in your final report from CyVectors.
Advanced static analysis – Your malware sample file is decompiled and analyzed for byte code sequences and ASCII strings. At this stage, the intent of the malware, and potentially information about who created it, begin to come into view. These findings are included in your final report from CyVectors.
Basic dynamic analysis – Your malware sample is placed in a sandboxed environment and put through an extended de-obfuscation and debugging process. This process allows CyVectors to see the malicious code execute step by step, identify the registry settings being targeted, startup folder persistence techniques, and much more. These findings are included in your final report from CyVectors.
Advanced dynamic analysis – Your malware sample is placed in a sandboxed environment and allowed to fully infect the CyVectors sandbox virtual host. CyVectors leverages packet capture from our own LANVector and WANVector software solutions, in-house developed file and registry monitors, and more. Many viruses and malware attempt to evade analysis when they detect a virtual environment. CyVectors internally hosts DNS and other network resources that convince the virus or malware it is operating out in the wild.
Phases of email forensics include:
Sample collection – CyVectors can receive OST or PST files via an upload link provided at the start of the client engagement. CyVectors understands that the email file may contain company-sensitive information about your organization. Collection, handling, and disposition of the email file are closely guarded by CyVectors. The email file remains password-protected from the time it is uploaded until it is destroyed. Once the email forensics process completes, CyVectors has no need for the original PST or OST file. A notice of disposition is sent to the client once the file is destroyed. If the PST or OST file is not accessible, the file can be generated directly from the user’s account on the email server.
Email file parsing – Leveraging CyVectors email forensics analysis software, the emails and attachments in the PST or OST file are separated and numbered. This parsing and numbering process allows later forensics stages to correlate and identify threats by number, and leaves them searchable by number for continued investigation once the CyVectors engagement ends.
File content and attachment scan – CyVectors internally-developed forensics analysis software scans all emails within the user account for phishing-related characteristics, viruses, malware, and hundreds of other anomalies seen in email attacks.
IP parsing and geolocation – Once the email is processed, a second processing phase takes every IP address seen by the email analysis and geolocates those addresses. This builds a baseline of what is normal for inbound email and surfaces anomalies that suggest external attackers posing as internal resources.
AI threat analysis – After IP parsing and geolocation completes, the IP addresses seen by the analysis are run through an AI cloud where known attacks and emails with potentially malicious intent are identified in ways humans could not.
Attack root cause identification – The results from the AI analysis, geolocation, and hundreds of other factors are boiled down to a few emails that would require the most immediate attention by executives, security staff, and IT teams.
*All forensics findings are included in your final report from CyVectors.
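The parsing, IP extraction, and "external host posing as internal" check described in the phases above, as an added example (not CyVectors' software); the message, the internal address range 10.0.0.0/8, and the internal domain example.com are all constructed assumptions:

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample (not a real message): the From header claims an internal
# helpdesk address, but the earliest Received hop is an external host.
SAMPLE_EML = """\
Received: from mail.example.com (mail.example.com [10.0.0.25]) by mx.example.com; Tue, 1 Jan 2024 10:00:00 +0000
Received: from unknown (HELO example.com) ([203.0.113.77]) by mail.example.com; Tue, 1 Jan 2024 09:59:58 +0000
From: "IT Helpdesk" <helpdesk@example.com>
Return-Path: <bounce@mailer.invalid>
Subject: Password reset required
Content-Type: text/plain

Click here to reset your password.
"""

INTERNAL_NETS = [ip_network("10.0.0.0/8")]   # assumption: client's internal ranges
INTERNAL_DOMAIN = "example.com"              # assumption: client's mail domain
IP_RE = re.compile(r"\[?(\d{1,3}(?:\.\d{1,3}){3})\]?")

def received_ips(msg):
    """IPs from the Received chain, earliest hop first (headers are newest-first)."""
    ips = []
    for hdr in reversed(msg.get_all("Received", [])):
        for m in IP_RE.findall(hdr):
            try:
                ips.append(ip_address(m))
            except ValueError:
                pass  # skip anything that only looks like a dotted quad
    return ips

def analyze(raw):
    """Extract hop IPs and flag sender-identity anomalies for one message."""
    msg = message_from_string(raw)
    hops = received_ips(msg)
    origin = hops[0] if hops else None
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    rp_dom = parseaddr(msg.get("Return-Path", ""))[1].rpartition("@")[2].lower()
    findings = []
    if from_dom == INTERNAL_DOMAIN and origin and not any(origin in n for n in INTERNAL_NETS):
        findings.append(f"claims internal sender but originated from external {origin}")
    if rp_dom and rp_dom != from_dom:
        findings.append(f"Return-Path domain {rp_dom} differs from From domain {from_dom}")
    return {"origin_ip": str(origin) if origin else None,
            "hops": [str(h) for h in hops], "findings": findings}

def triage(messages):
    """Number each message (as the parsing phase does) and keep only those with findings."""
    return [(n, r) for n, r in enumerate(map(analyze, messages), start=1) if r["findings"]]
```

Geolocation of the extracted IPs would be a separate lookup step against a GeoIP database, which is omitted here.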
Please read this notice before contacting CyVectors
If you believe you are the victim of a cyber crime, please notify IC3 using this simple form to file a report before contacting CyVectors. If you need help determining whether a cyber-related crime has been committed, please continue.
If you suspect that your computer and/or surrounding home or office network has been compromised, you should assume all email, text, browser activity, and even your keyboard's keystrokes are being monitored. To avoid notifying the cyber-criminal about your contact with CyVectors, do not contact CyVectors using any of these methods. It is also possible that your desktop screen, camera, and microphone are being monitored. The best way to initially contact CyVectors is the encrypted chat box at the bottom-right of this web page. Provide a phone number or email address where CyVectors may reach you, and a general description of what has brought you to CyVectors for assistance.
Unless you "opt out" within your CyVectors agreement document, network breaches discovered by CyVectors will result in the attacker's information being reported to the US Federal Bureau of Investigation via InfraGard.
Email account and virus or malware analysis (per case)