The main purpose of this document is to ease the analyst into investigating an e-mail, or other malicious domain / artifact and assist them with putting together the basic structure of an investigation. Then, finally leveraging the information he or she finds in order to search the organization to determine if anyone has engaged with the compromised system, or the system serving the phishing campaign. Please note that the foundational information that you learn here will also serve the basis of malware analysis. We are starting with this segment first as it will be an easier approach for first-time analysts. If you feel this segment is of no use to you, you can skip ahead and go for the malware segments.

Register to read more …