MalwareDynamicAnalysis05 -...

Post on 11-Jun-2018



[References]
• Joe Sandbox, http://www.joesecurity.org/index.php/joe-sandbox-standalone
• GFI Sandbox, http://www.gfi.com/malware-analysis-tool
• Cuckoo Sandbox, http://www.cuckoosandbox.org
• ThreatExpert, http://www.threatexpert.com/submit.aspx
• GFI ThreatTrack, http://www.threattrack.com/
• Anubis, http://anubis.iseclab.org/

[Image Sources]
• http://plannerwire.net/wp-content/uploads/2011/02/Playing-Sandbox_meeting_planners.gif


[References]
• Cuckoo Sandbox Book, http://docs.cuckoosandbox.org/en/latest

[Image Sources]
• http://www.cuckoosandbox.org/graphic/cuckoo.png


[References]
• MAEC, https://maec.mitre.org


[References]
• MAEC Use Cases, http://maec.mitre.org/language/usecases.html
• MAEC in Use, http://maec.mitre.org/about/inuse.html

[Image Sources]
• http://maec.mitre.org/language/images/usecases-1.jpg


[References]
• Andrew Davis, Leveraging the Application Compatibility Cache in Forensic Investigations, https://dl.mandiant.com/EE/library/Whitepaper_ShimCacheParser.pdf
