
Malware Analysis, scope (5 cr)

Course code: TTC7010

Basic course information


Scope: 5 cr
Language of instruction: Finnish
Person in charge: Marko Silokunnas

Learning outcomes

The course covers tools and methodology for malware analysis without going into disassembly (course TTC6510 Reverse Engineering covers disassembly). The course covers dynamic analysis, sandboxing, and finding traces of malware activity from various logs. The goal is to learn tools and methods to analyze malware behavior and be able to draw some conclusions about what the malware does relatively quickly.

Competences
EUR-ACE: Knowledge and understanding 
EUR-ACE: Engineering practice

Content

Sandboxes, operating system logging, dynamic analysis tools, common malware behavior.

Prerequisites

Basics of programming, operating systems, data structures and algorithms

Assessment criteria, satisfactory (1)

Sufficient (1): The student is able to perform the most basic malware analysis tasks with assistance. The student has a general understanding of the findings.

Satisfactory (2): The student understands the most basic topics discussed during the course; however, he/she struggles to utilize this knowledge. The student is not able to search for relevant information independently. The student is able to perform the most basic malware analysis tasks with assistance. The student has a general understanding of the findings.

Assessment criteria, good (3)

Good (3): The student understands the most important topics discussed during the course and is able to utilize this knowledge in the most basic cases. The student is able to utilize information about the discussed topics. The student is able to perform malware analysis tasks. The student understands most of the findings.

Very good (4): The student understands the most important topics discussed during the course and is able to utilize this knowledge in most common cases. The student is able to search and understand information about discussed topics. The student is able to perform malware analysis tasks independently. The student understands most of the findings.

Assessment criteria, excellent (5)

Excellent (5): The student understands all topics discussed during the course and is able to use them in an innovative manner even in challenging situations. The student is able to search and utilize information about discussed topics independently. The student is able to perform malware analysis tasks independently using tools covered in the course and has the ability to utilize widely available tools not covered in the course. The student understands all of the findings.
