File Analysis is an analytic process to determine a file's status. For example: virus, trojan, benign, malicious, trusted, unauthorized, sensitive, etc.
Some techniques compare file signatures or file metadata against historical collections of malware. Files may also be compared against a source of ground truth such as cryptographic signatures. Other techniques examine files for potential malware by pattern matching against file contents or file behavior. Binary code may be disassembled and analyzed to predict malware behavior, for example from API call signatures. Analysis may occur within a protected environment such as a sandbox, or on a live system.
There are 6 techniques in this category, File Analysis.
| Technique | Definition | Synonyms |
|---|---|---|
| Dynamic Analysis | Executing or opening a file in a synthetic "sandbox" environment to determine if the file is a malicious program or if the file exploits another program such as a document reader. | Malware Detonation, Malware Sandbox |
| Emulated File Analysis | Emulating instructions in a file looking for specific patterns. | |
| File Hashing | Employing file hash comparisons to detect known malware. | |
| File Content Analysis | Employing a pattern matching algorithm to statically analyze the content of files. | |
| File Content Rules | Employing a pattern matching rule language to analyze the content of files. | File Content Signatures, File Signatures |
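The hash-comparison and content-pattern techniques described in the introduction (and listed above as File Hashing and File Content Rules) combined into one static analyzer, as an added example that is not part of the original page. The sample files, the "historical collection" of known-bad hashes, and the two content rules are all constructed for the demo; a real deployment would take them from a threat-intelligence feed and a rule language such as YARA.

```python
import hashlib
import re

# Constructed sample files for the demo; none of these are real malware.
SAMPLES = {
    "notes.txt": b"Quarterly meeting notes. Nothing unusual here.",
    "dropper.bin": b"MZ\x90\x00" + b"\x00" * 12 + b"powershell -enc QUJDRA== " + b"\x00" * 4,
    "known.bin": b"MZ\x90\x00 constructed sample standing in for a known bad file",
}

# Constructed "historical collection" of known-malware hashes (File Hashing).
# A real collection comes from a threat-intel feed; here it is seeded from known.bin.
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLES["known.bin"]).hexdigest()}

# Constructed content rules (File Content Rules): rule name -> byte regex over file content.
CONTENT_RULES = {
    "pe_header": re.compile(rb"\AMZ"),  # DOS/PE executable stub at offset 0
    "encoded_powershell": re.compile(rb"powershell\b.{0,80}?-e(nc|ncodedcommand)\b", re.I | re.S),
}


def sha256_hex(data: bytes) -> str:
    """File signature compared against the known-bad collection."""
    return hashlib.sha256(data).hexdigest()


def match_rules(data: bytes) -> list[str]:
    """Static content analysis: names of rules whose pattern occurs in the file."""
    return [name for name, pattern in CONTENT_RULES.items() if pattern.search(data)]


def analyze(data: bytes) -> dict:
    """Combine hash lookup and content rules into a single file status."""
    digest = sha256_hex(data)
    hash_match = digest in KNOWN_BAD_SHA256
    rules = match_rules(data)
    if hash_match:
        verdict = "malicious"   # exact match against a known sample
    elif rules:
        verdict = "suspicious"  # unknown hash, but content matches rule patterns
    else:
        verdict = "benign"      # nothing fired; absence of a match is not proof of trust
    return {"sha256": digest, "hash_match": hash_match, "rules": rules, "verdict": verdict}


if __name__ == "__main__":
    for name, data in SAMPLES.items():
        result = analyze(data)
        print(f"{name}: {result['verdict']} rules={result['rules']} sha256={result['sha256'][:16]}...")
```

A hash match only catches files already in the collection; a byte-for-byte change defeats it, which is why the content rules are evaluated even when the hash is unknown.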