
Graduate student: 吳淩 (Ling Wu)
Thesis title: 基於記憶體傾印之反偵錯器的惡意程式分析 (Analysis of Anti-Debug Malwares Based on Memory-Dump)
Advisors: 吳宗成 (Tzong-Chen Wu), 陳正綱 (Cheng-Kang Chen)
Committee member: 羅乃維 (Nai-Wei Lo)
Degree: Master
Department: College of Management, Department of Information Management
Year of publication: 2016
Academic year of graduation: 104 (ROC calendar)
Language: Chinese
Number of pages: 45
Chinese keywords: memory dump, malware behavior, anti-debugger
Foreign keywords: malware memory dump, windows, anti-debugging
Statistics: 186 views, 0 downloads

Malware plays an important role in information security incidents. By analyzing malware, information security experts can reconstruct an incident and learn from it: besides restoring the original victim environment, they can plan protective measures that make that environment more secure.
Malware analysis techniques and malware development are closely intertwined; with the spread of the Internet and advances in hardware and software, attack and defense techniques keep evolving. Early malware was handled by static analysis: the characteristics of the malicious code were extracted and detection was done by matching them against a database of signatures, which is how antivirus software came about. Then, to make analysis harder, malware developers packed their programs and produced variants, changing the signatures and reducing the effectiveness of signature-based detection. Information security experts therefore turned to dynamic analysis, using virtual machines and debuggers to observe the malware from the outside and understand its behavior.
In recent years, malware has begun to exhibit anti-debugger characteristics. Information security experts rely on debugging techniques to understand the structure and functionality of malware, so when anti-debugging techniques are added to protect the malware, the difficulty of analysis rises sharply. This study therefore proposes a memory dump technique: the records a program leaves in memory after execution are analyzed and traced, and the malware's effect on the computer is understood from memory. This allows malware equipped with anti-debugging features to be analyzed and malware categories to be distinguished in a simple way, which helps the investigation of security incidents.


Malware analysis plays an important role in information security incidents: through analysis and investigation we can deduce the infection vector and the attack chain. Generally speaking, malware analysis methodology and malware development are closely related. In the early stage of analysis, malware was identified and detected via signature and pattern matching. However, malware writers became smarter, obfuscating and encrypting the malware with packers. Security researchers could then only rely on dynamic analysis, using debuggers, emulators, virtual machines and API call monitors to obtain as many artifacts and as much behavior of the malware as possible.
In recent years, malware writers have implemented anti-debugging features in malware to stop researchers from stepping through it for research and investigation purposes. Thus, we would like to bypass the traps set up by malware writers and thoroughly understand the malware's impact on the computer via memory dump.

Table of contents (page numbers refer to the thesis):
Abstract (Chinese) IV
Abstract (English) V
Acknowledgements VI
Table of Contents VII
List of Figures IX
List of Tables X
Chapter 1 Introduction 1
1.1 Research Background and Motivation 1
1.2 Research Objectives 3
1.3 Thesis Structure 4
Chapter 2 Literature Review 6
2.1 Types of Malware 6
2.2 Malware Analysis Methods 9
2.3 Anti-Debugging Techniques 14
Chapter 3 Analysis Procedure for Anti-Debugger Malware 19
3.1 Description of the Analysis Procedure 19
3.2 Memory Acquisition Stage 21
3.3 Memory Analysis Stage 22
3.4 Malware Category Determination Stage 25
Chapter 4 Implementation and Analysis 27
4.1 Operating Environment 27
4.2 Case Studies 29
Chapter 5 Conclusion and Future Research Directions 38
5.1 Conclusion 38
5.2 Future Research Directions 42
References 43


Full text release date: 2021/07/31 (campus network)
Full text release date: not authorized for public release (off-campus network)
Full text release date: not authorized for public release (National Central Library: Taiwan thesis system)