Digital Forensics: Malware Analysis Applied Scenarios

FACT digital forensics drill pitched at applied scenarios in malware analysis: triage decisions, PE static reads, dynamic detonation, memory forensics, persistence mapping, and the legal frame in India. Each question hands the candidate a piece of evidence drawn from a real workflow (a section entropy reading, an Import Address Table excerpt, a YARA fragment, a Sysmon event line, an ld.so.preload artefact, a launchd plist, an MFT timestamp pair) and asks which technique, tool, or statute fits.

Calibrated for B.Sc and M.Sc forensic-science aspirants preparing for FACT, NFSU MSc Digital Forensics entrance, and the SANS GREM and EC-Council CHFI tracks. The medium band sits between vocabulary recall and full reverse-engineering case work: the candidate must connect two ideas in a single question (entropy plus section name, command-line plus parent process, registry path plus ATT&CK technique) rather than restate a single definition.

Topics covered:

• Static triage: packers, section entropy, imphash and import tables
• Dynamic detonation: Cuckoo and CAPE for fileless PowerShell loaders
• Process injection signatures: VirtualAllocEx, process hollowing, doppelganging
• Memory forensics: Volatility malfind and unbacked RWX regions
• Persistence across Windows, Linux, and macOS with ATT&CK mapping
• Behaviour patterns: C2 beaconing, DGA, ssdeep similarity, Pyramid of Pain
• NTFS anti-forensics: timestomp and partial USN journal recovery
• Indian cyber law: IT Act Sections 43, 66, and 70 selection

Answers, options, and detailed explanations are revealed only after submission on the results page. Allow 30 minutes.