File Analysis
Definition
File Analysis is an analytic process to determine a file's status. For example: virus, trojan, benign, malicious, trusted, unauthorized, sensitive, etc.
Technique Overview
Some techniques use file signatures or file metadata to compare against historical collections of malware. Files may also be compared against a source of ground truth such as cryptographic signatures. Other techniques examine files for potential malware by pattern matching against file contents or file behavior. Binary code may be disassembled and analyzed for behavior predictive of malware, such as API call signatures. Analysis might occur within a protected environment such as a sandbox, or on a live system.
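Two of the techniques described above, hash comparison against a historical collection (File Hashing) and pattern matching over raw content (File Content Rules), combined into one static triage step. This is an added example, not D3FEND's own code: the sample files, hash sets and rules are constructed for the demonstration, and the status vocabulary follows the definition above.

```python
import hashlib
import re

# Constructed sample files (not real malware) used to drive the triage below.
SAMPLE_KNOWN_BAD = b"constructed bytes standing in for a previously analysed malicious file"
SAMPLE_TRUSTED = b"constructed bytes standing in for a vendor-signed, vetted binary"
SAMPLE_PDF_WITH_PE = (b"%PDF-1.7\n1 0 obj\n<< /Length 96 >>\nstream\n"
                      b"MZ\x90\x00\x03\x00\x00\x00This program cannot be run in DOS mode\n"
                      b"endstream\nendobj\n%%EOF\n")
SAMPLE_BENIGN_TEXT = b"quarterly report: revenue up 4%\n"

# D3-FH: historical collections of hashes. Derived here from the constructed
# samples so the example runs offline; a real deployment would load them from
# threat intelligence (known bad) and a software inventory or allow-list (known good).
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE_KNOWN_BAD).hexdigest()}
KNOWN_GOOD_SHA256 = {hashlib.sha256(SAMPLE_TRUSTED).hexdigest()}

# D3-FCR: pattern-matching rules applied to raw file content (illustrative only).
CONTENT_RULES = [
    ("eicar_test_string", re.compile(rb"EICAR-STANDARD-ANTIVIRUS-TEST-FILE")),
    # A PDF should not carry a DOS/PE executable stub inside one of its streams.
    ("pe_embedded_in_pdf",
     re.compile(rb"\A%PDF-.*?MZ.{0,512}?This program cannot be run in DOS mode", re.S)),
    # Auto-executing VBA entry points inside an Office document.
    ("office_autoexec_macro", re.compile(rb"(?i)\bSub\s+(AutoOpen|Document_Open)\s*\(")),
]


def analyze_file(data: bytes) -> dict:
    """Return the file's status together with the evidence that produced it."""
    digest = hashlib.sha256(data).hexdigest()
    hits = [name for name, pattern in CONTENT_RULES if pattern.search(data)]
    if digest in KNOWN_GOOD_SHA256:
        status = "trusted"            # ground-truth (allow-list) match
    elif digest in KNOWN_BAD_SHA256 or hits:
        status = "malicious"
    else:
        # No evidence either way: a hash miss is not proof of benignity, so hand
        # the file to dynamic or emulated analysis rather than calling it clean.
        status = "unknown"
    return {"sha256": digest, "hash_match": digest in KNOWN_BAD_SHA256,
            "rule_hits": hits, "status": status}


if __name__ == "__main__":
    for label, sample in [("known_bad", SAMPLE_KNOWN_BAD), ("trusted", SAMPLE_TRUSTED),
                          ("pdf_with_pe", SAMPLE_PDF_WITH_PE), ("text", SAMPLE_BENIGN_TEXT)]:
        print(label, analyze_file(sample))
```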
Technique Subclasses
There are 6 techniques in this category, File Analysis.
| Name | ID | Definition | Synonyms |
|---|---|---|---|
| File Analysis | D3-FA | File Analysis is an analytic process to determine a file's status. For example: virus, trojan, benign, malicious, trusted, unauthorized, sensitive, etc. | |
| - File Content Analysis | D3-FCOA | Employing a pattern matching algorithm to statically analyze the content of files. | |
| - Dynamic Analysis | D3-DA | Executing or opening a file in a synthetic "sandbox" environment to determine if the file is a malicious program or if the file exploits another program such as a document reader. | Malware Detonation, Malware Sandbox |
| - Emulated File Analysis | D3-EFA | Emulating instructions in a file looking for specific patterns. | |
| - File Hashing | D3-FH | Employing file hash comparisons to detect known malware. | |
| - File Content Rules | D3-FCR | Employing a pattern matching rule language to analyze the content of files. | File Content Signatures, File Signatures |
D3FEND™
A knowledge graph of cybersecurity countermeasures