Debug a sample in Windows using also API Monitor.

giadom/Debugging_with_API_Monitor

Image: "Azure Grotto, Naples" by Ivan Konstantinovich Aivazovsky (1841)

Topic of this guide

The technique illustrated in this guide targets Windows and lets you debug a sample (i.e. an instance of a malware) while also running API Monitor (available at http://www.rohitab.com/apimonitor).
This technique has sped up my malware analysis on several occasions and is therefore well suited to incident response activities. To use it you just need:

  • your favourite debugger;
  • API Monitor.

In a nutshell, you will:

  1. debug a sample (including the possibility to move its Instruction Pointer as you wish);
  2. track, via API Monitor, the APIs called by the sample while it is still being debugged.

Table of contents

  • In "Guide" you will find the tutorial for this technique.
  • In "Filters" you will find some suggested filters to be fed to API Monitor.

Acknowledgements

I would like to thank professor D. C. D'Elia for the clarifications and suggestions about this guide.
