1
00:00:05,940 --> 00:00:15,660
Static analysis. Without any execution, viewing the file's binary and parsing each and every byte provides

2
00:00:15,870 --> 00:00:19,390
much of the information needed to continue further.

3
00:00:20,810 --> 00:00:28,430
Simply knowing the type of file sets the mindset of the analyst in a way that helps them to prepare

4
00:00:28,430 --> 00:00:32,150
specific sets of tools and the references that may be used.

5
00:00:34,100 --> 00:00:41,280
Searching text strings can also give clues about the author of the program, where it came from, and,

6
00:00:41,360 --> 00:00:43,540
most likely, what it does.

7
00:00:46,440 --> 00:00:47,700
Dynamic analysis.

8
00:00:50,200 --> 00:00:55,570
This type of analysis is where the object being analyzed gets executed.

9
00:00:56,400 --> 00:01:03,900
It requires an enclosed environment so that behaviors that may compromise production systems do not

10
00:01:03,900 --> 00:01:11,850
happen. Setting up enclosed environments is usually done by using virtual machines like VirtualBox

11
00:01:11,850 --> 00:01:13,490
or VMware, since

12
00:01:13,530 --> 00:01:15,690
they can then easily be controlled.

13
00:01:16,290 --> 00:01:23,370
Tools that monitor and log common environment actions are implemented during dynamic analysis.

14
00:01:26,090 --> 00:01:34,880
Low-level analysis. There is some information that may be missed out during static and dynamic analysis.

15
00:01:36,650 --> 00:01:41,090
The flow of a program follows a path that depends on certain conditions.

16
00:01:41,930 --> 00:01:49,520
For example, a program will only create a file only if a specific process is running, or a program will

17
00:01:49,520 --> 00:01:54,380
create a registry entry in the Wow6432Node

18
00:01:54,560 --> 00:02:02,630
only if it were running in a 64-bit Windows operating system. Debugging tools are usually

19
00:02:02,630 --> 00:02:05,990
used to analyze a program in low-level analysis.

20
00:02:08,050 --> 00:02:14,740
Reporting. While doing analysis, every piece of information should be collected and documented.

21
00:02:15,280 --> 00:02:22,330
It's a common practice to document reverse engineering objects to help future analysis,

22
00:02:23,260 --> 00:02:28,090
and an analysis serves as a knowledge base for the developer,

23
00:02:28,150 --> 00:02:35,530
for developers who want to secure their upcoming program from flaws. For example, a simple input can

24
00:02:35,530 --> 00:02:42,220
now be secured by placing bounds validation, which is known about as a result of a prior reverse engineering

25
00:02:42,220 --> 00:02:46,210
program that indicated a possible buffer overflow.

26
00:02:46,690 --> 00:02:47,500
A good report

27
00:02:47,500 --> 00:02:57,460
answers questions regarding the following: how a reverse engineering object works,

28
00:02:57,910 --> 00:03:07,330
when a specific behavior triggers, why specific codes were used in the program, where it was intended

29
00:03:07,630 --> 00:03:11,740
to work on, and what the whole program

30
00:03:11,770 --> 00:03:12,310
does.