Sam Houston State University<<CS 5325<<Assignment_6_2017-REVIEWED AND EDITED BY EXPERTS-ALL ANSWERS CORRECT

Document Content and Description Below

CS 5325 Operating System Security Assignment 06 Due: 11:59 p.m. Sunday, 4/23/2017 180 points with optional bonus points Study Chapter 6 Executable File Analysis and complete each of the following qu... estions Submit your answers to blackboard Name: Date: 4/23/17 Note: Use both textbook and collected reliable online resources for your answers (you may utilize the tools mentioned in the textbook or other alternative tools on the internet). All external resources must be listed as references at the end of this document. Absolutely NO copying is allowed. There are 21 questions. You have a right to select some questions below to answer. The total points you selected should NOT be less than 180 points. If you select the questions with the total points over 180 points, say 240 points, and all your answers are correct, then you will earn 240 points (180 points are the full plus 60 extra points) Please list the name of tools used for answering the question and the source, if necessary. 1. What are the two ways to analyze an executable file? (5 points) a. Static Analysis – this consists of collecting information from an .EXE file without actually running the file. More so than just opening the file with notepad, but with a program like WinHex so that you can see the metadata and get some idea of what going on with the file. b. Dynamic Analysis – This is when you launch the .EXE file in a controlled environment like on a VM (take a snapshot first so that you can revert back to the healthy status) or a machine that you don’t mind having to redo later. If you use a live machine make sure there is NO connection to a work network so that nothing gets out into the real world. 2. What is static analysis? Please briefly describe the process. (10 points) a. As I stated above static analysis is when you don’t actually launch the .EXE file but open it with a program like WinHex or the like and investigate it. By not launching it and looking at the metadata you can learn possibly who designed it, if it’s from a company like Microsoft and you can also if need be find out what type of file it actually is. A file won’t necessarily have an extension so you may have to investigate to find out. 3. Search on the internet, get and download “peview.exe”, and make a practice by using the tool. Screen your practice (10 points) and explain the output (10 points [Show More]

Last updated: 1 year ago

Preview 1 out of 9 pages