1.1.5.4. Copy contents in RAW. This is the actual suspect
1.1.5.1. Manually Acquire File from Disk and Extract to secure
1.1.5.4. Copy contents in RAW. This is the actual suspect
1.1.5.1. Load Helix or Backtrack from CD-ROM
1.1.5.2. Mount /dev/sdb1 partition into Sleuthkit case
1.1.5.3. Locate required file and click it for meta analysis.
1.1.5.5. Upload to Symantec Support for analysis.
1.1.5.6. Upload to ThreatExpert.com for automated analysis.
1.1.5.7. Upload to Virustotal.com for AntiVirus vendor comparison.
By
Efrain Ortiz