Malware Toolkit
Purpose: The Malware Toolkit was designed by the Enterprise Security Office to help agencies investigate malware-infected systems with the following goals:
  • Determine source of malware infection
  • Identify malware on infected system
  • Determine duration of malware infection
  • Quantify risk to data on infected system
The Toolkit provides a safe, effective way to analyze a system for malware. It walks users through a simple forensic methodology and provides education on understanding the results.
If you have any questions, comments or feedback about the Oregon SIRT Malware Toolkit, please contact us at security.office@state.or.us or call (503) 378-6557.

Toolkit Materials

Updated August 2, 2011, the Malware Toolkit now features streamlined workflow, more timeline information, Master Boot Record extraction, improved hardware support, and bundled documentation.
The Malware Report Template can be used to document and report on the findings of a malware investigation.

GFIRST7 Presentation
On August 9th, 2011, John Ritchie from the Enterprise Security Office presented the Malware Toolkit to the Government Forum of Incident Response and Security Teams conference in Nashville, Tennessee. The presentation described the Malware Toolkit and Methodology and demonstrated its use.
Additional Resources
  • Virustotal – submit potential malware samples for multi-vendor virus analysis
  • ThreatExpert – submit malware samples for in-depth analysis
  • Mastering the Super Timeline With log2timeline – PDF paper on log2timeline analysis by Kristinn Gudjonsson

Malware Forum 2010
On February 23, 2010, the Enterprise Security Office presented an agency forum “Malware Incident Response.” The forum described the current malware threat to state business, discussed defenses available to agencies, demonstrated the difficulty of finding and removing malware, and presented and demonstrated a malware response toolkit the ESO has developed to assist agencies with malware identification.