The tools for analysing malware range from simple hex editors and Interactive Disassemblers to GUI based tools that integrate online searching and analysis. Each incident will often dictate the specific tools or techniques utilized. A possible infection through a social engineering email that is in the process of infecting network systems may require analysts to work rapidly to identify the malware's behaviour and craft a solution to remove it.In other circumstances, a security control may have identified a file that it deems suspicious.With no active incident at hand, the incident response analysts may want to completely rip apart the code to determine if it had a specific purpose. In either case, the following tools are useful in assisting in the process but, by no means, it is the list all inclusive.
Before taking on the task of analyzing, ensure that the system utilized is properly isolated from the network and anti-virus is turned off. One technique is to utilize a virtual machine that can be snapshotted before use and returned to that state after analysis.