SlideShare a Scribd company logo

Anatomy of File Analysis and Decomposition Engine

Mario Suvajac, profile picture
Mario Suvajac

The document outlines a comprehensive approach for information collection and forensic analysis of files and binary objects, emphasizing metadata extraction like mobile app permissions and geolocation. It highlights the need for rapid processing at scale, addressing challenges such as file protection layers and varying complexities in analysis. Methods mentioned include preprocessing, validation, and the use of various identification engines for effective threat intelligence and security measures.

Technology
Related topics:
Reverse Engineering
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
Anatomy of File Analysis and Decomposition Engine
Anatomy of File Analysis and Decomposition Engine
Anatomy of File Analysis and Decomposition Engine
• Collect as much information as possible from files/binary objects – Other contained files/objects – Metadata, e.g. mobile app permissions, geolocation, IP addresses, domains, etc. • Strip protection layers for additional analysis • Do it really, really fast • Do it at scale
• Forensics • Anti-Virus • Threat Intelligence • ...
Anatomy of File Analysis and Decomposition Engine
• Files can be – Packed – Obfuscated – Encrypted – Broken • Large amounts of data to process • Speed
Anatomy of File Analysis and Decomposition Engine
• Consolidating metadata and files/objects • Scheduling • Reporting • Communication
METADATA FILES ENGINE FILES
• Preprocessing – Identification – Initial analysis • Analysis – Unpacking – Validation • Post processing – Consolidating metadata
MODULES SCHEDULER VALIDATION IDENTIFICATION ANALYSIS UNPACKING ... REPORT, METADATA, FILES
• Speed • Security • We can emulate
Anatomy of File Analysis and Decomposition Engine
• Various identification engines – Signature based – Heuristics – ... • Problems
• Signatures • Various complexity – Simple (e.g. PEiD) • Simple byte and wildcard matching, hash matching • 12 ?? 56 ?8 9? – Medium (e.g. TitanMist) • Small Regex like subset – High (e.g. TLang) • Almost full fledged programming language • Other
Anatomy of File Analysis and Decomposition Engine
• Some parts depend on identification • Dedicated analysis modules • Internal/external modules
• Unpacking • Validation • Collecting metadata • Repairing broken files
Anatomy of File Analysis and Decomposition Engine

More Related Content

PPTX
Archivematica integration handshaking towards comprehensive digital preserva...
Artefactual Systems - Archivematica
 
PDF
Hierarchical DIP upload from Archivematica to AtoM
Artefactual Systems - Archivematica
 
PDF
Personal Digital Archiving 2015 - NYU - Workshop
Artefactual Systems - Archivematica
 
PPTX
Interoperability in Digital Libraries
Dept of Library and Information Science Tumkur University
 
PDF
2015 05-07-mac
Artefactual Systems - Archivematica
 
PDF
Analysis of (unknown) file formats
Mario Suvajac
 
PPT
Digital detective game
Bill Carver
 
PPT
Network forensics1
Santosh Khadsare
 
Archivematica integration handshaking towards comprehensive digital preserva...
Artefactual Systems - Archivematica
 
Hierarchical DIP upload from Archivematica to AtoM
Artefactual Systems - Archivematica
 
Personal Digital Archiving 2015 - NYU - Workshop
Artefactual Systems - Archivematica
 
Interoperability in Digital Libraries
Dept of Library and Information Science Tumkur University
 
2015 05-07-mac
Artefactual Systems - Archivematica
 
Analysis of (unknown) file formats
Mario Suvajac
 
Digital detective game
Bill Carver
 
Network forensics1
Santosh Khadsare
 

Viewers also liked (9)

PPTX
Network forensics and investigating logs
anilinvns
 
PPTX
Network Forensics Intro
Jake K.
 
PPTX
Activity 6 home project - ppt presentation sample
Guilherme Pedro da Silva
 
PDF
Network Forensics
Andrea Lazzarotto
 
PPT
DETECTIVE ELEMENTS
diana.koscik
 
PDF
Elements of the Detective Story
cristinarrama
 
PPTX
Digital forensics
Roberto Ellis
 
PPTX
Computer forensics powerpoint presentation
Somya Johri
 
PPTX
Computer forensics ppt
Nikhil Mashruwala
 
Network forensics and investigating logs
anilinvns
 
Network Forensics Intro
Jake K.
 
Activity 6 home project - ppt presentation sample
Guilherme Pedro da Silva
 
Network Forensics
Andrea Lazzarotto
 
DETECTIVE ELEMENTS
diana.koscik
 
Elements of the Detective Story
cristinarrama
 
Digital forensics
Roberto Ellis
 
Computer forensics powerpoint presentation
Somya Johri
 
Computer forensics ppt
Nikhil Mashruwala
 
Ad

Similar to Anatomy of File Analysis and Decomposition Engine (20)

PPTX
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
jmical
 
PDF
Stuxnet redux. malware attribution & lessons learned
Yury Chemerkin
 
PPTX
Advanced malware analysis training session5 reversing automation
Cysinfo Cyber Security Community
 
PDF
VxClass for Incident Response
zynamics GmbH
 
PPTX
Advanced Malware Analysis Training Session 5 - Reversing Automation
securityxploded
 
PPTX
Building next gen malware behavioural analysis environment
isc2-hellenic
 
PDF
Online performance modeling and analysis of message-passing parallel applicat...
MOCA Platform
 
PDF
Inbot10 vxclass
zynamics GmbH
 
PDF
Malware Analysis -an overview by PP Singh
n|u - The Open Security Community
 
PDF
'Malware Analysis' by PP Singh
Bipin Upadhyay
 
PDF
INFOSEC LANDSCAPE AND RESEARCH TRENDS
gopikurup
 
PPTX
Reverse Engineering Malware - A Practical Guide
intertelinvestigations
 
PPT
Basics of Digital Forensics, techniques and tools
madhulikarsit
 
PPT
DigitalForensicDigitalForensicDigitalForensic
RPimpalgaonkar
 
PPT
DigitalForensicsDigitalForensics.pptDigitalForensics.ppt
MoshoodKareemOlawale
 
PPTX
Malware analysis as a hobby (Owasp Göteborg)
Michael Boman
 
PPTX
Malware Analysis as a Hobby - 44CON 2012
44CON
 
PPTX
Malware Analysis as a Hobby
Michael Boman
 
PPTX
DigitalForensics foundation and investigation tools
lexwill2000
 
PPT
DigitalForensics.ppt
ssuserba01a3
 
CYBER INTELLIGENCE & RESPONSE TECHNOLOGY
jmical
 
Stuxnet redux. malware attribution & lessons learned
Yury Chemerkin
 
Advanced malware analysis training session5 reversing automation
Cysinfo Cyber Security Community
 
VxClass for Incident Response
zynamics GmbH
 
Advanced Malware Analysis Training Session 5 - Reversing Automation
securityxploded
 
Building next gen malware behavioural analysis environment
isc2-hellenic
 
Online performance modeling and analysis of message-passing parallel applicat...
MOCA Platform
 
Inbot10 vxclass
zynamics GmbH
 
Malware Analysis -an overview by PP Singh
n|u - The Open Security Community
 
'Malware Analysis' by PP Singh
Bipin Upadhyay
 
INFOSEC LANDSCAPE AND RESEARCH TRENDS
gopikurup
 
Reverse Engineering Malware - A Practical Guide
intertelinvestigations
 
Basics of Digital Forensics, techniques and tools
madhulikarsit
 
DigitalForensicDigitalForensicDigitalForensic
RPimpalgaonkar
 
DigitalForensicsDigitalForensics.pptDigitalForensics.ppt
MoshoodKareemOlawale
 
Malware analysis as a hobby (Owasp Göteborg)
Michael Boman
 
Malware Analysis as a Hobby - 44CON 2012
44CON
 
Malware Analysis as a Hobby
Michael Boman
 
DigitalForensics foundation and investigation tools
lexwill2000
 
DigitalForensics.ppt
ssuserba01a3
 
Ad

Recently uploaded (20)

PDF
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
PPTX
MYSQL Presentation for SQL database connectivity
Swati270511
 
PDF
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
PDF
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PPTX
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
PDF
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
PDF
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
PDF
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
PPTX
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
PPT
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
PDF
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
PDF
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
PDF
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 
Dropbox Q2 2025 Financial Results & Investor Presentation
Dropbox
 
MYSQL Presentation for SQL database connectivity
Swati270511
 
Per capita expenditure prediction using model stacking based on satellite ima...
IAESIJAI
 
Machine learning based COVID-19 study performance prediction
IAESIJAI
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Tartificialntelligence_presentation.pptx
ry7r52mzb4
 
Video forgery: An extensive analysis of inter-and intra-frame manipulation al...
IAESIJAI
 
cuic standard and advanced reporting.pdf
SimoneTitaniumTomase
 
Assigned Numbers - 2025 - Bluetooth® Document
Bloombase
 
1. Introduction to Computer Programming.pptx
bonakiduza1024
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
Electronic commerce courselecture one. Pdf
OmerMohamed64
 
“AI and Expert System Decision Support & Business Intelligence Systems”
ZubinRadhakrishnan
 
A comparative analysis of optical character recognition models for extracting...
IAESIJAI
 
Network Security Unit 5.pdf for BCA BBA.
Serpent6
 
Blue Purple Modern Animated Computer Science Presentation.pdf.pdf
Akar16
 

Anatomy of File Analysis and Decomposition Engine

  • 4. • Collect as much information as possible from files/binary objects – Other contained files/objects – Metadata, e.g. mobile app permissions, geolocation, IP addresses, domains, etc. • Strip protection layers for additional analysis • Do it really, really fast • Do it at scale
  • 5. Forensics • Anti-Virus • Threat Intelligence • ...
  • 7. • Files can be – Packed – Obfuscated – Encrypted – Broken • Large amounts of data to process • Speed
  • 9. Consolidating metadata and files/objects • Scheduling • Reporting • Communication
  • 10. METADATA FILES ENGINE FILES
  • 11. • Preprocessing – Identification – Initial analysis • Analysis – Unpacking – Validation • Post processing – Consolidating metadata
  • 12. MODULES SCHEDULER VALIDATION IDENTIFICATION ANALYSIS UNPACKING ... REPORT, METADATA, FILES
  • 13. • Speed • Security • We can emulate
  • 15. • Various identification engines – Signature based – Heuristics – ... • Problems
  • 16. • Signatures • Various complexity – Simple (e.g. PEiD) • Simple byte and wildcard matching, hash matching • 12 ?? 56 ?8 9? – Medium (e.g. TitanMist) • Small Regex like subset – High (e.g. TLang) • Almost full fledged programming language • Other
  • 18. • Some parts depend on identification • Dedicated analysis modules • Internal/external modules
  • 19. Unpacking • Validation • Collecting metadata • Repairing broken files