This is a forensics course. First of all, we are interested in understanding how ransomware works, not only its “external” results (like a blocked screen) but also its internal properties (in other words, the cipher properties, the payload procedure and the vector). Below is just one of a million Locky blocker screen wallpaper templates.
There are so many questions that we can ask about ransomware, but the main forensics questions (in my opinion) are:
- What is the behavior pattern behind ransomware file encryption?
- What are the ransomware file properties?
- What is the evidence in file format, size, libraries, functions and procedure calls?
These questions arise because, when we read about how ransomware attacks have been stopped, we see a mix of technical approach and lucky actions. Faced with this scenario, we keep searching for answers!
Course duration: 18 hours (18 CPE points)
Self-paced, pre-recorded