Last week I was at a few final graduation exams. One of the candidates, Antonio Zekić, did perfectly. His thesis "Forenzička analiza malicioznih programa" (Forensic Analysis of Malicious Programs) was done under my mentorship; I had hardly anything to do, just to enjoy reading.
Here are the summary and keywords of the thesis:
"This thesis briefly describes the process of identifying, documenting and collecting data which is subject to forensic analysis. Techniques described include the process of proactive data collection, forensic hard drive duplication and collection of other key evidence.
The thesis also presents methods used in forensic analysis of collected data and key evidence, which includes analysis of the file system, memory image, Registry database, Prefetch files, scheduled tasks and Event log entries. Most commonly used malware persistence mechanisms are described along with dynamic and static analysis of malicious software.
The thesis concludes with the practical work based on an actual case in which a pre-prepared computer is infected with malicious software. The process of forensic analysis presented in the practical work includes analysis of the memory image using the Volatility tool and its modules, as well as file system analysis which is carried out using the Autopsy tool. The thesis also describes the techniques of dynamic and static analysis of malicious programs conducted in order to collect information about the malicious program itself, its functions and purpose."
Keywords: Forensic analysis, malware, memory analysis, hard disk analysis, static analysis, dynamic analysis, Volatility, Autopsy
It was done from real-life everyday work practice. We are thinking of extending our lab exercises based on this paper because our current materials are a bit old. The problem we have with the RFOR curriculum at Vsite is a chronic lack of trained people, so materials and equipment stay unchanged for a long time.