
DKIM - domain key identification method

SPF - sender policy framework

DMARC - domain based message authentication, reporting and conformance

1. Scan the file with antivirus software - do a deep scan.


2. Or else you can use VirusTotal for scanning, but remember that the VT community will
be able to access the file, so we submit the hash value instead.
3. File hash - we use the tool called HashCalc. Even with only the file hash value, the attacker can
monitor lookups of that hash, and if the user submits it the attacker can try social
engineering methods.
4. Identifying the file type - attackers use different techniques to hide their file by modifying the file
extension and changing its appearance to trick users into executing it. Knowing the file type
gives an idea of what the target of the malware is (OS, and 32 or 64 bit).
5. File signature - for finding out the format of the file; it will be in hex form. The tool is called
Hexed. The list of all signatures is available on Google.
Also we can use a tool called Exeinfo PE, which tells if the file is executable or not.

6. Check for packers:

- Packers are used to compress binary files
- Malware authors use packers to mask their malware, e.g. UPX, EXE Stealth
- We need to unpack a sample before analysing it.
- We use Exeinfo PE to identify if the file is packed, and it also gives information on how to
unpack it.
7. Extracting strings:
- The process of extracting readable characters and words from malware
- String analysis gives the libraries and functions used in the program, any message the program is
trying to print, file names or file paths, URLs, IP addresses, registry keys
- Also the attacker can misguide the analysis (planted strings)
- We can use BinText for extracting strings
8. PE file analysis: malicious indicators in a PE file
- Timestamp: a sample with a timestamp older than 1992, or a sample with a future date, could
possibly be malicious.
- Number of sections: more than 10 sections - malicious
- Usually the .text section, which contains the executable code, should never have write
permission; write permission on a .text section is an indicator of a malicious file

Log4j: makes remote code execution and access to servers possible through the Java logging
library.

-https://youtu.be/H4bLUpdFDYo

- FORENSIC INTELLIGENCE: DEFENSIVE OR OFFENSIVE

- https://www.sumologic.com/glossary/indicators-of-compromise/ - for monitoring IOCs

- Threat intelligence and vulnerability: cyber kill chain model and PICERL process
- Cryptography: an example of basic cryptography is an encrypted message in which letters are
replaced with other characters. Cryptography technique is known as CIA.

It is the understanding of encrypting and decrypting data.

- MITRE ATT&CK:
