Incident Response: Analyzing Forensic Techniques Prevalent in Malware Attacks

  • Hafiz Ahmad Mujtaba, Faculty of Computer Science and Information Technology, Superior University, Lahore, 54000, Pakistan
  • Gohar Mumtaz, Faculty of Computer Science and Information Technology, Superior University, Lahore, 54000, Pakistan

Keywords: Digital Forensics, Incident Response, Malware Analysis, File System Forensics, Memory Forensics, Network Forensics, Ransomware, Command-and-Control (C2), Forensic Readiness, Cyber Security

Abstract

The growing intensity and frequency of malware attacks underscore the need for powerful and effective incident response and digital forensic measures. In this paper, Incident Response: Analyzing Forensic Techniques Prevalent in Malware Attacks, the researcher examines the major forensic techniques employed in the detection, analysis, and prevention of malware attacks. The paper focuses on file system, memory, network, and malware forensics, analyzing the Windows registry, prefetch files, Amcache, volatile memory, and IDS/IPS logs. It illustrates the use of forensic methods to detect command-and-control (C2) communications and ransomware propagation through case studies of WannaCry and NotPetya. It contrasts static, dynamic, and hybrid analysis approaches, emphasizing the importance of sandboxing and behavioral analysis. The results show that although forensics continues to play a crucial role in attribution and evidence collection, the problems of anti-forensic measures, data loss, and structural complexity make it less visible. The study also highlights the value of documentation, preservation, and inter-agency cooperation in maintaining the integrity and accountability of evidence.

Published: 2025-11-27

How to Cite
Mujtaba, H. A., & Mumtaz, G. (2025). Incident Response: Analyzing Forensic Techniques Prevalent in Malware Attacks. International Journal for Electronic Crime Investigation, 9(2). https://doi.org/10.54692/ijeci.2025.0902/259