If you're an intrusion analyst on a small team (or maybe you ARE the team), you may be the only resource that has to look at a myriad of possibly malicious files that trigger your IDS or SIEM. You may not have either the time or the forensics skills to properly inspect each PDF or Flash file or Office doc that set off an alert.
Fortunately, there are a lot of good resources available that can do at least a cursory examination of different types of files and indicate that you might need to flag that alert for investigation. That's not as good as having a forensics analyst to hand the file off to, but it's a whole lot better than ignoring the alert because you don't have the time or training to deal with it.
More here: http://jeffsoh.blogspot.com/2015/02/malware-tracker-pdf-analysis.html