Malware Investigations

Title: Malware Investigations
Duration: 1 week

Course Aim

This course is intended for Law Enforcement Investigators who have a good knowledge of Computer Networking and the Microsoft Windows OS architecture. This course does not address reverse engineering and the disassembly of binary files. The objective is to obtain information from the malware analysis process that will help locate criminals and their infrastructure.


Basic knowledge of Computer Networking and the MS Windows architecture is required. This is enhanced and supplemented with a short e-learning component introducing the malware underground. All practical analysis will occur during the 5-day “in-class” training period. This enables students to learn practical analysis techniques under supervision and contain malware to a secure classroom network.

Students will need to be able to understand and communicate in English.

Small list of agenda / topics / main points

  • Create malware from a construction kit and deploy malware in a controlled lab environment
  • Demonstrate malware extraction techniques to identify infected machines
  • Apply the malware analysis process to a malware sample
  • Document the malware analysis process for evidential purposes
  • Determine the botnet architecture of a malware sample from network analysis
  • Explain the botnet takedown methodology for each architecture type
  • Build a sinkhole server for deployment in a botnet takedown
  • Utilise OSINT techniques to identify criminals and enumerate their infrastructure

If you are interested in applying for this course please read the following page