恶意代码分析平台Truman相关资料

1、Truman 下载：http://www.secureworks.com/cyber-threat-intelligence/tools/truman/

2、PXE Windows Image Using Linux: http://www.wiul.org/

Here are a few tips to help you create you Windows image using WIUL. When you are creating your Windows image install Windows in to a small partition under 10GB if possible. This will allow you to use the Master Boot Record (MBR) that comes in the WIUL client.Defragment the drive a few times before you image it. If you are using Windows XP then use the built in defragment tool under disk management. You should always use the sysprep tool if you are going to be imaging multiple machines in a Windows domain. Create a list of images on the partimaged server and place them in a file called image.lst. Place this file into the root of your tftp server and create a host in DNS called pxeboot to point at your tftp server. If the WIUL client is having problems hit CTRL + ALT + F2 to switch to another console, login as root (password partimage). If you have run through the menu you should find scripts in /usr/local/sbin/wiul-custom. run them manually in the order that they appear in the wiul.sh script to see where things are going wrong. Want to modify the client? the quickest and easiest thing to do is to gunzip the ramdisk; ip wiul-0.3.img.gz then mount the image (make sure the dir /mnt/tmp exists); mount wiul-0.3.img /mnt/tmp/ -t ext2 -o loop cd into /mnt/tmp and make what ever changes you want. Once you are done unmount it; umount /mnt/tmp then compress up the image again; gzip -c9 wiul-0.3.img > wiul-0.3.img.gz

3、Building an Automated Behavioral Malware Analysis Environment using Open Source Software：http://www.sans.org/reading-room/whitepapers/tools/building-automated-behavioral-malware-analysis-environment-open-source-software-33129

4、TWMan：http://twman.nchc.org.tw/index.php/tw/