Introduction to Malware Analysis - 0 to 60 in Under an Hour

Presented at NYMJCSC 2016 by

Knowing how to analyze malware has become a critical skill for incident responders and other infosec professionals. A good way to get started with such efforts involves examining how malicious software behaves in a controlled laboratory environment. In this session, Lenny Zeltser demonstrates key aspects of this process, walking you through behavioral analysis of a real-world Windows malware specimen by using several free tools. You will see practical techniques in action and understand how malware analysis will help you to triage the incident to assess key capabilities of the malicious software. You will also learn how to determine ways of identifying this malware on systems in your environment by establishing indicators of compromise.

You will:

• Learn the most essential aspects of malware analysis in the context of incident response and forensic investigations.
• Understand how to perform initial malware triage by extracting static properties and metadata from the suspicious executable.
• Know how to use freely available tools to examine the behavior of a malicious Windows executable.