Is there any secure way to transport the log.csv from the infected machine to the analysis VM, making sure that the ransomware doesn't infect or corrupt the log.csv file?
MottiKumar changed the title from "Validation" to "Secure way to transport the log.csv [Generated by detector.py]" on Jul 17, 2024
Hi Motti, apologies for the late reply; it appears that I didn't have notifications on for issues. Hope I'm not too late. Indeed, the transportation of the log.csv from the infected machine is a limitation of this research. I would argue there is no risk-free way to do this, but you can minimize risks by comparing hashes (which, as you will know from this research, you should definitely not trust), opening the contents in a sandboxed VM (a .csv file is not an executable; you can see even from the hex that it should be a legitimate file and not infected), etc. Feel free to develop your own methodology.
It's quite unlikely that these files would be targeted for infection, although they could be modified. In the end it will always be like the research states - a "cat and mouse game".
Although I can't provide a direct "correct" answer to your question, I hope this allows you to hypothesize and think of methodologies to do this part of the process.
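One way to run the checks mentioned in the reply above on the analysis VM, as an added example that is not part of the original thread or the project's code: it reads the transferred file as raw bytes, compares it with a SHA-256 recorded before transfer, rejects anything that is not plain text, and checks that every row has the same number of fields. The column names and sample bytes are constructed, and the ASCII-only rule and size limit are assumptions, not properties of detector.py's output.

```python
import csv
import hashlib
import io
from typing import Optional

# Assumption: the log is plain ASCII (tab, LF, CR, printable characters).
TEXT_BYTES = frozenset({0x09, 0x0A, 0x0D}) | frozenset(range(0x20, 0x7F))

# Constructed sample data; the column names are hypothetical.
GOOD = b"timestamp,path,event\n2024-07-17T10:00:00,C:\\Users\\a\\doc.txt,modified\n"
TAMPERED = GOOD + b"MZ\x90\x00\x03,appended,bytes\n"
RAGGED = GOOD + b"2024-07-17T10:00:01,only-two-fields\n"


def inspect_log(data: bytes, expected_sha256: Optional[str] = None,
                max_size: int = 50 * 1024 * 1024) -> list:
    """Return a list of findings; an empty list means no check failed."""
    if len(data) > max_size:
        return [f"file is {len(data)} bytes, over the {max_size} byte limit"]
    findings = []
    digest = hashlib.sha256(data).hexdigest()
    if expected_sha256 is not None and digest != expected_sha256.lower():
        findings.append(f"sha256 mismatch: got {digest}")
    bad = [(i, b) for i, b in enumerate(data) if b not in TEXT_BYTES]
    if bad:
        off, val = bad[0]
        findings.append(f"{len(bad)} non-text byte(s), first 0x{val:02x} at offset {off}")
        return findings  # do not hand binary content to the CSV parser
    rows = list(csv.reader(io.StringIO(data.decode("ascii"), newline="")))
    if not rows:
        findings.append("file is empty")
        return findings
    width = len(rows[0])  # the first row defines the expected field count
    for n, row in enumerate(rows[1:], start=2):
        if len(row) != width:
            findings.append(f"row {n} has {len(row)} fields, header has {width}")
    return findings


if __name__ == "__main__":
    recorded = hashlib.sha256(GOOD).hexdigest()  # stands in for the source-side hash
    for name, blob in (("good", GOOD), ("tampered", TAMPERED), ("ragged", RAGGED)):
        print(name, inspect_log(blob, recorded) or "no findings")
```
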
Is there a part where I could validate the trained model?