

Digital forensics and hacking are complementary disciplines. The better you are at digital forensics, the better hacker you are, and the better hacker you are, the better you are at digital forensics. Unfortunately, few people in either profession cross these discipline lines. No tool embodies this complementary relationship better than IDA Pro.

IDA Pro is designed to debug and disassemble software, which is critical for reverse engineering malware and doing malware forensics. It is an excellent tool for malware forensics and an excellent tool for malware re-engineering. These are some of the most valuable and most sought-after skills in the digital forensic industry.

Becoming familiar with IDA Pro and other reverse-engineering tools is a prerequisite to working in this industry. Reverse engineering is the discipline of studying how a piece of code works and then building something that does the same thing, but differently. In hacking, this would enable us to take a successful piece of malware that has a known signature in antivirus software and intrusion detection systems and build a new piece of malware that does the same thing with an unknown signature. Malware forensics is the discipline of disassembling malware to determine its origin. Since hackers often reuse code modules from other malware and leave other clues in the code, malware analysts can often attribute the malware to a particular hacker, group, or country by doing this type of analysis. Remember, the FBI used this type of analysis to attribute the Sony hack to North Korea.

In this tutorial, I will start you along the path to using and understanding this powerful and widely used piece of software. Although IDA Pro is a commercial software package (the professional version sells for over $1,100), we will initially use the demo version so that everyone can use it and become familiar with it. The demo version can only disassemble x86 Windows PE files, so that's what I'll be using here. The professional version is able to disassemble and analyze just about any type of software on any architecture.
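Since the demo version only loads x86 Windows PE files, a quick triage step before opening a sample is to read its PE header and confirm the architecture and image format. The following is an added example written for this tutorial, not code from the article or from Hex-Rays: it parses the DOS header, the COFF file header, the optional-header magic and the section table, then reports whether the sample is a 32-bit x86 PE that the demo can load. The `build_sample_pe` helper constructs a header-only blob purely for testing; it is not a real executable.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification
MACHINE_I386 = 0x014C
MACHINE_AMD64 = 0x8664
MACHINE_NAMES = {MACHINE_I386: "x86", MACHINE_AMD64: "x64", 0x01C0: "ARM", 0xAA64: "ARM64"}

# IMAGE_FILE_HEADER.Characteristics flags
IMAGE_FILE_EXECUTABLE_IMAGE = 0x0002
IMAGE_FILE_32BIT_MACHINE = 0x0100
IMAGE_FILE_DLL = 0x2000


def parse_pe(data: bytes) -> dict:
    """Parse the DOS header, PE signature, COFF header, optional-header magic
    and section names of a PE image. Raises ValueError if it is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("missing MZ signature: not a DOS/PE image")
    # e_lfanew (offset 0x3C) is the file offset of the "PE\0\0" signature
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, _ts, _symptr, _nsyms, opt_size, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    # The optional header starts right after the 20-byte COFF header; its magic
    # distinguishes PE32 (0x10B, 32-bit) from PE32+ (0x20B, 64-bit).
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0] if opt_size >= 2 and opt + 2 <= len(data) else 0
    fmt = {0x10B: "PE32", 0x20B: "PE32+"}.get(magic, "unknown")
    # Section table follows the optional header: 40-byte entries, 8-byte names
    sec_table = opt + opt_size
    names = []
    for i in range(nsections):
        off = sec_table + i * 40
        if off + 40 > len(data):
            break
        names.append(data[off:off + 8].rstrip(b"\0").decode("ascii", "replace"))
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "format": fmt,
        "is_dll": bool(chars & IMAGE_FILE_DLL),
        "sections": names,
    }


def is_pe(data: bytes) -> bool:
    """True if the bytes carry valid MZ and PE signatures."""
    try:
        parse_pe(data)
        return True
    except ValueError:
        return False


def ida_demo_can_load(info: dict) -> bool:
    """The demo only handles 32-bit x86 Windows PE files."""
    return info["machine"] == "x86" and info["format"] == "PE32"


def build_sample_pe(machine: int, magic: int) -> bytes:
    """Constructed header-only PE blob for testing (not a real, runnable binary)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)  # e_lfanew: PE header right after DOS header
    opt_size = 0xE0 if magic == 0x10B else 0xF0  # standard optional-header sizes
    chars = IMAGE_FILE_EXECUTABLE_IMAGE | IMAGE_FILE_32BIT_MACHINE
    coff = struct.pack("<HHIIIHH", machine, 2, 0, 0, 0, opt_size, chars)  # 2 sections
    optional = struct.pack("<H", magic) + bytes(opt_size - 2)
    sections = b"".join(name.ljust(8, b"\0") + bytes(32) for name in (b".text", b".data"))
    return bytes(dos) + b"PE\0\0" + coff + optional + sections


if __name__ == "__main__":
    for label, blob in (("x86 sample", build_sample_pe(MACHINE_I386, 0x10B)),
                        ("x64 sample", build_sample_pe(MACHINE_AMD64, 0x20B))):
        info = parse_pe(blob)
        print(label, info, "demo can load:", ida_demo_can_load(info))
```

To triage a real file, read it with `open(path, "rb").read()` and pass the bytes to `parse_pe`; a 64-bit or ARM sample will be reported as such, which tells you the demo will refuse it before you even start IDA.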
