STATOS: A portable tool for secure malware analysis and sample acquisition in low resource environments

Impact factor 2.3, Q2, Computer Science, Theory & Methods
Journal: Array. Published: 2025-04-01. DOI: 10.1016/j.array.2025.100391
Authors: Alexander Cameron, Abu Alam, Nasreen Anjum, Javed Ali Khan, Alexios Mylonas
Array, volume 26, Article 100391. Publisher page: https://www.sciencedirect.com/science/article/pii/S2590005625000189
Citations: 0

Abstract

Malware poses a significant security threat to organisations worldwide, particularly in environments with limited resources. Static analysis has emerged as a crucial technique for gaining insights into malware, but it often requires specialised hardware and software, which can be a barrier for organisations facing financial or supply constraints. To address these challenges, this study presents a Static-Analysis Operating System (StatOS), a portable Linux derivative operating system designed for static malware analysis. StatOS can be executed from a USB device, allowing organisations to perform efficient, user-friendly, and secure malware analysis even on underpowered hardware. This study contributes a practical solution to field analysis of malware within low-resource environments, providing a model and requirement data for future developments in portable cybersecurity tools. The tool was validated through a combination of expert feedback using the Delphi method and security assessments, including Monte-Carlo simulations and Common Vulnerabilities and Exposures (CVE) evaluations. Results indicate that StatOS meets and exceeds key performance requirements, with 100% of surveyed cyber specialists agreeing on its effectiveness, and 80% indicating they would use StatOS in forensic investigations.
Source journal: Array (Computer Science, General Computer Science)
CiteScore: 4.40
Self-citation rate: 0.00%
Articles published: 93
Review time: 45 days