
Using Binsnitch.py to Detect Files Touched by Malware


Daan Raman from NVISO Labs has published a blog post about their new tool, binsnitch.py. You can use this tool to detect unwanted changes to the file system.

Use binsnitch.py to:

  • create a baseline of trusted files for a workstation (golden image) and use it again later on to automatically generate a list of all modifications made to that system (for example caused by rogue executables installed by users, or dropped malware files). The baseline could also be used for other detection purposes later on (e.g., in a whitelist);
  • automatically generate hashes of executables in a certain directory (and its subdirectories);
  • carefully track which files are touched by malware during live malware analysis.
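As an added illustration of the baseline-and-compare workflow these bullets describe (example code written for this page, not the NVISO tool's own source), the following Python script hashes the executables under a directory tree, stores the result as JSON, and later reports which files were added, removed or modified. The suffix set and the throwaway temp-directory scenario in `demo()` are assumptions chosen so the example runs offline.

```python
import hashlib
import json
import tempfile
from pathlib import Path
EXECUTABLE_SUFFIXES = {".exe", ".dll", ".sys", ".so"}  # assumed set; adjust to taste

def hash_file(path, algo="sha256"):
    """Hash a file in 1 MiB chunks so large binaries are not loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def build_baseline(root, suffixes=EXECUTABLE_SUFFIXES):
    """Walk root recursively; map each matching file's POSIX-style relative path to its hash."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hash_file(p)
            for p in sorted(root.rglob("*"))
            if p.is_file() and p.suffix.lower() in suffixes}

def save_baseline(baseline, out_path):
    Path(out_path).write_text(json.dumps(baseline, indent=2, sort_keys=True))

def load_baseline(in_path):
    return json.loads(Path(in_path).read_text())

def diff_baselines(old, new):
    """Report what changed since the golden image: dropped, deleted and replaced files."""
    return {
        "added": sorted(k for k in new if k not in old),
        "removed": sorted(k for k in old if k not in new),
        "modified": sorted(k for k in new if k in old and old[k] != new[k]),
    }

def demo():
    """Constructed scenario: snapshot a throwaway tree, simulate activity, compare."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "tool.exe").write_bytes(b"MZ original")
        (root / "bin" / "readme.txt").write_text("not tracked: suffix not in the set")
        (root / "lib.dll").write_bytes(b"MZ library")
        save_baseline(build_baseline(root), root / "baseline.json")
        # Simulated post-baseline activity: one binary replaced, one dropped, one deleted.
        (root / "bin" / "tool.exe").write_bytes(b"MZ patched")
        (root / "dropper.exe").write_bytes(b"MZ new")
        (root / "lib.dll").unlink()
        return diff_baselines(load_baseline(root / "baseline.json"), build_baseline(root))
```

Calling `demo()` returns the three change lists; on a real host you would run `build_baseline` once against the golden image and `diff_baselines` against a fresh snapshot whenever you need to see what a sample touched.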