Are there any tools out there or methods available to download a suspect file for analysis without having to worry about being infected?
Downloading into an AV-style quarantine usually implies that the file is encoded or encrypted in some way to completely disable any ability it might have to attack the OS through a metadata exploit or accidental execution. This, however, would negate your ability to analyse the file. Virtual machines are probably your best bet. As long as you disable certain sharing mechanisms that are often bundled as default features with VM products (e.g. directory sharing) the isolation should be very good. Here's my usual procedure, within a VM:
If you can use a dedicated machine for this work, it is always wise to do so. It allows you to configure a firewall on the host that limits outgoing traffic from the VM, without the danger of the malware disabling it. It also allows for easier containment should something bad happen. Of course, the most secure solution would be to analyse any executables on a platform that doesn't support them, e.g. analyse Windows malware on Linux. However, it may be more difficult to find good analysis tools.
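The two host-side controls the answer above recommends, a firewall on the host that stops the VM's traffic leaving, and turning off the guest/host sharing features, as an added example that is not part of the original answer. It assumes a Linux host running iptables, a libvirt-style NAT bridge (the defaults `virbr0` and `192.168.122.0/24` are assumptions; adjust `VM_BRIDGE`/`VM_SUBNET`) and, for the sharing part, a VirtualBox 6.1+ guest named in `VM_NAME`. The script only prints the commands so they can be reviewed; set `APPLY=1` and run as root to execute them.

```shell
#!/bin/sh
# Added example, not from the original post. Assumed defaults (libvirt's):
VM_BRIDGE="${VM_BRIDGE:-virbr0}"
VM_SUBNET="${VM_SUBNET:-192.168.122.0/24}"
VM_NAME="${VM_NAME:-analysis-vm}"   # hypothetical VirtualBox VM name

# vm_egress_rules SUBNET BRIDGE [ALLOWED_DST ...]
# Prints iptables commands that put all traffic forwarded from the analysis
# subnet into a dedicated chain, accept only replies and explicitly allowed
# destinations, and log-then-drop everything else. The log lines show what
# the sample tried to contact without letting it get there.
vm_egress_rules() {
    subnet=$1
    bridge=$2
    shift 2
    # Dedicated chain: can be flushed/re-applied without touching other FORWARD rules
    echo "iptables -N VM_EGRESS 2>/dev/null || iptables -F VM_EGRESS"
    echo "iptables -D FORWARD -i $bridge -s $subnet -j VM_EGRESS 2>/dev/null"
    echo "iptables -I FORWARD 1 -i $bridge -s $subnet -j VM_EGRESS"
    # Replies to connections that were allowed to open
    echo "iptables -A VM_EGRESS -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT"
    # Allowlist: e.g. a capture/sinkhole box you deliberately expose
    for dst in "$@"; do
        echo "iptables -A VM_EGRESS -d $dst -j ACCEPT"
    done
    # Rate-limited log so a beaconing sample cannot flood the host's log
    echo "iptables -A VM_EGRESS -m limit --limit 10/min -j LOG --log-prefix \"VM_EGRESS_DROP: \""
    echo "iptables -A VM_EGRESS -j DROP"
}

# vm_sharing_off VMNAME
# Prints the VBoxManage command that disables the clipboard and drag-and-drop
# channels between guest and host. Shared folders must be removed individually
# with 'VBoxManage sharedfolder remove VMNAME --name <name>' (not done here
# because the names depend on the VM).
vm_sharing_off() {
    echo "VBoxManage modifyvm \"$1\" --clipboard-mode disabled --draganddrop disabled"
}

if [ "${APPLY:-0}" = "1" ]; then
    vm_egress_rules "$VM_SUBNET" "$VM_BRIDGE" "$@" | sh -e
    vm_sharing_off "$VM_NAME" | sh -e
else
    vm_egress_rules "$VM_SUBNET" "$VM_BRIDGE" "$@"
    vm_sharing_off "$VM_NAME"
fi
```

After applying, `iptables -S VM_EGRESS` should list the ACCEPT rules followed by the LOG and DROP rules, and `dmesg` or the kernel log will carry `VM_EGRESS_DROP:` entries for each blocked destination. Traffic from the VM to the host itself goes through the INPUT chain rather than FORWARD, so services listening on the bridge (DHCP, DNS) still work; add INPUT rules if you want those restricted too.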