
Script Tracer Tool – Threat Researchers to Trace & Deobfuscate the Malware Execution


Apr 23, 2025 · 3 min read

Cyber forensic tools play a crucial role in cyber investigations by helping investigators collect, analyze, and preserve digital evidence.

These tools can extract data from various sources, such as:

  • Hard drives

  • Mobile devices

  • Network traffic

They also allow for identifying malware, tracking online activities, and decrypting encrypted data.

Recently, ANY.RUN launched its new “Script Tracer,” a tool made primarily for threat researchers to trace and deobfuscate malware execution.


Script Tracer


Scripting languages power many Windows tasks, but they also fuel a rise in malware written in such code. The types of scripting code and script activity in Windows mentioned here are:

  • JScript

  • VBScript

  • VBA (Visual Basic for Applications)

  • Macro 4.0

  • API calls

  • OS checks

  • WMI requests

Script Tracer provides detailed insights into deobfuscated script activities, similar to code debugging. Script Tracer reports can be accessed from a tracer icon in the process tree or from the Advanced Process Details report.

The two new additions are:

New Indicator in the Process Tree


A New Tab in Advanced Process Details


Apart from this, the tracer also lets users view the following for compiled VBE scripts:

  • The script execution process

  • Namely requested functions

  • Transferred data

Script Tracer reveals hidden insights, such as request results. Scripts can also run via executables, as when WMIC loads and executes VBScript for malware data collection.

Encountering VBS-based malware? Examine WSHRat as an example. Easily investigate Office macros and scripts. You can also delve into the visible Windows API in a sneaky document using “alloc” and “request.”


Source: CybersecurityNews.com
