Malware Analysis & Digital Forensics
Check how various CERT agencies leverage IDA Pro to strike back against malware attacks
Digital forensic investigations occur when malicious software compromises a system. In the event of a software-based attack, companies usually dispatch specialized Computer Emergency Response Teams (CERTs) to eliminate the threat, assess the extent of the damage, and understand how the attack was implemented to prevent similar incidents in the future.
Such teams collect digital evidence from various devices and even distributed systems and thus work with a wide variety of binary code formats and often obfuscated code.
IDA Pro can analyze binary code collected during a forensic investigation. It can handle virtually any code that runs on modern processors, even heavily obfuscated ones.
IDA has been relentlessly battle-tested in the field against real-world malware, and possible feature extensions via custom scripts and plugins have made it the tool of choice for many CERT organizations.