Mandiant, Inc.
Real-time visual playback with synchronous textual analysis log display and event/time indexing

Abstract:

In one embodiment, a method for detecting one or more behaviors by software under test that indicate a presence of malware is described. First, an analysis of operations conducted by the software being processed by a virtual machine is performed. The analysis includes monitoring one or more behaviors conducted by the software during processing within the virtual machine. Next, a video corresponding to at least the one or more monitored behaviors, which are conducted by the software during processing of the software within the virtual machine, is generated. Also, text information associated with each of the one or more monitored behaviors is generated, where the text information is displayed on an electronic device contemporaneously with the video corresponding to the one or more monitored behaviors.

Status:

Grant

Type:

Utility

Filing date:

9 Jul 2018

Issue date:

23 Feb 2021