| Requirement | Recommended Tool / Setting |
|-------------|----------------------------|
| | A fresh virtual machine (VM) running Windows 10/11, Linux (Ubuntu/Kali), or macOS. Use a hypervisor like VirtualBox, VMware, or Hyper‑V. |
| Network Isolation | Disable the VM's network or use a proxy‑only mode (e.g., INetSim) to prevent outbound connections while still allowing DNS for analysis tools. |
| Snapshot Capability | Take a VM snapshot before you start. You can revert instantly if the file crashes the system. |
| Forensics Toolkit | Install: • binwalk (Linux) • 7‑Zip / WinRAR • pefile, lief, radare2 (Windows/Linux) • strings, exiftool • Process Monitor (ProcMon), Process Explorer, Autoruns (Windows) |
| Dynamic Sandbox (Optional) | Use a cloud sandbox (e.g., ANY.RUN, Hybrid Analysis) only if the file is not confidential. Otherwise keep testing in your isolated VM. |
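The static side of the toolkit row (hashing, `strings`, and a PE header check of the kind `pefile` performs) can be done before anything is executed in the VM. The script below is an added example, not part of the original page and not the code of any tool it lists; it uses only the Python standard library so it runs offline, and the `build_sample()` bytes are a constructed stand-in for a file under analysis, not a real sample.

```python
import hashlib
import re
import struct
from typing import Dict, List, Optional

# Pure-Python static triage: hash the blob, pull printable strings (like `strings -n 4`),
# and read the PE signature/COFF header without executing anything.


def sha256_hex(data: bytes) -> str:
    """Stable identifier for the file so results can be correlated across tools."""
    return hashlib.sha256(data).hexdigest()


def extract_strings(data: bytes, min_len: int = 4) -> List[str]:
    """Return runs of at least min_len printable ASCII bytes, as `strings` would."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def pe_summary(data: bytes) -> Optional[Dict[str, object]]:
    """Parse the MZ/PE signature and COFF header; None if the blob is not a PE file."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]      # offset of the "PE\0\0" signature
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return None
    machine, num_sections, timestamp = struct.unpack_from("<HHI", data, e_lfanew + 4)
    return {"machine": hex(machine), "sections": num_sections, "timestamp": timestamp}


def flag_indicators(strings: List[str]) -> List[str]:
    """Keep strings that look like URLs or IPv4 addresses; these go to the IoC list, not to a browser."""
    indicator = re.compile(r"https?://|\b\d{1,3}(?:\.\d{1,3}){3}\b")
    return [s for s in strings if indicator.search(s)]


def triage(data: bytes) -> Dict[str, object]:
    """One-shot static report to record before any dynamic run in the isolated VM."""
    found = extract_strings(data)
    return {
        "sha256": sha256_hex(data),
        "pe": pe_summary(data),
        "string_count": len(found),
        "indicators": flag_indicators(found),
    }


def build_sample() -> bytes:
    """Constructed bytes (assumption: not a real binary): an MZ stub, a minimal
    PE signature + COFF header claiming x64 and 3 sections, then a few strings."""
    header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHI", 0x8664, 3, 0) + b"\0" * 12
    payload = b"\0".join([
        b"kernel32.dll",
        b"http://example.invalid/update",   # constructed placeholder URL
        b"ab",                              # too short to count as a string
        b"This program cannot be run in DOS mode",
    ])
    return header + coff + b"\0" + payload + b"\0"


SAMPLE = build_sample()

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

Running it prints the hash, the parsed header (`0x8664`, 3 sections), the string count and the single URL-like indicator; on a non-PE blob `pe` is `None` but the strings and hash are still produced, which is the point of doing this pass before the snapshot-and-detonate step.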