The tools for analyzing malware range from simple hex editors and interactive disassemblers to GUI-based tools that integrate online searching and analysis. Each incident will often dictate the specific tools or techniques utilized. A possible infection through a social engineering email that is in the process of infecting network systems may require analysts to work rapidly to identify the malware's behavior and craft a solution to remove it. In other circumstances, a security control may have identified a file that it deems suspicious. With no active incident at hand, the incident response analysts may want to completely rip apart the code, to determine if it had a specific purpose. In either case, tools described in the next section are useful in assisting in the process, but the list is by no means all-inclusive.
Before taking on the task of analyzing, ensure that the system utilized is properly isolated from the network, and anti-virus is turned off. One technique is to utilize a virtual machine that can be snapshotted before use and returned to that state after analysis.