Skip to content
Log in

Disassembly

Definition

The process of converting raw binary machine code back into human-readable assembly language instructions. Disassembly is always achievable from a binary, unlike decompilation, but requires the analyst to understand assembly mnemonics and calling conventions for the target architecture.

Related terms

Cryptographic hash
A fixed-length digest produced from a file's bytes by an algorithm such as MD5 (128-bit), SHA-1 (160-bit), or SHA-256 (256-bit). Identical files...
Import Address Table (IAT)
A section of the PE header that lists every external DLL and the functions the executable calls from each. A malware sample's...
Indicator of Compromise (IoC)
An observable artefact that suggests a system has been involved in a malicious event. Static analysis produces file-based IoCs: cryptographic hashes, embedded...
Packer / packing
A technique in which the original malware code is compressed or encrypted and wrapped in a stub loader that decompresses or decrypts...
Portable Executable (PE)
The binary file format used by Windows executables (.exe), dynamic-link libraries (.dll), and drivers (.sys). The PE header contains a structured metadata...

Explained in

  • Static Malware AnalysisThe process of converting raw binary machine code back into human-readable assembly language instructions. Disassembly is always achievable from a binary, unli...

Your journey to becoming a forensic professional starts here.

Practice with mock tests, learn from structured notes, and get your questions answered by a global forensic community, all in one place.

Continue learningCreate Your Account