Análisis forense de una infección por malware

Abstract

[en] Today cybersecurity is a concept in progress in this society, given the state of pandemic due to CoVid-19 many companies have had to adapt to the new normal by increasing the number of people teleworking, due to the rush and lack of guidance , 2020 has become a goldmine for cybercriminals. This paper presents the topic of forensic analysis of malware on a Windows 10 system. First, a small introduction is made and the reason for the selection of this work, followed by an explanation about the rise of cyber attacks today, statistics on the use of computers in families and / or companies and why we are currently in a time where having good security in our system is of vital importance to avoid catastrophes. The main intention of this work will be exposed, which is to perform a mock forensic analysis on an infected computer. The different phases of this are analyzed following international regulations and a short explanation of the different types of malware that currently exist and how they work is also exposed. Finally, we will do a practical job infecting a virtual machine with a Windows 10 snapshot using a backdoor malware called Gcat, we will analyze how it works, how we can infect the victim and what options this malware has once infected, we will analyze what the attack is backdoor and how it works and finally we will carry out a forensic analysis doing all the real tests and making a final report explaining what evidence we have found on the infected computer.