The Use of Malware Analysis in Support of Law Enforcement /CERT Coordination Center, 11 July 2007
PDF - http://www.cert.org/archive/pdf/malware-7-07.pdf
Nicholas Ianelli, Ross Kinder, Christian Roylo
"In this paper, we discuss how malware analysis supports the efforts of those pursuing adversaries employing malicious code in their tradecraft. We provide examples of the types of insights that can be made by examining artifacts of a computer intrusion (such as malicious code). We also discuss how those insights can become clues law enforcement officials can use to further an investigation."