Cuckoo Malware Analysis

Basic theory in Sandboxing

As malware became more sophisticated, we needed technology that would allow us to analyze it easily without compromising our own systems. One such technology is sandboxing. Sandboxing has many different meanings among IT people. For reference, you can read the explanation on Wikipedia at http://en.wikipedia.org/wiki/Sandbox_(computer_security). In computer security terminology, sandboxing is a technique for isolating a program (in this case, malware) by providing a confined execution environment, separate from the main environment, in which untrusted programs can be run. To give a clearer picture of sandboxing technology, imagine a sandbox or sandpit in a children's playground. A sandpit is a container filled with sand for children to play in. The "pit" or "box" itself is simply a container that holds the sand so that it does not spread outward across lawns or other surrounding surfaces. The children can do anything they like in the sandpit as long as they stay inside the box. By providing a sandbox, we can execute malicious applications and observe the malware's activities.

We can also analyze the malware safely and securely, without worrying about the changes it makes during the process, because those changes are confined to the sandbox. There are several malware sandboxes you can use to build your own automated malware analysis lab, for example Buster Sandbox Analyzer, Zero Wine, Malheur, Cuckoo Sandbox, and so on. Cuckoo is the right tool for analyzing sandboxed malware because it has a complete feature set, it is fully open source, and it has good support from its community.