Glossary
Dynamic Analysis
Analyzing a binary by actually running it, observing its behavior in real time using debuggers, sandboxes, and system monitoring tools.
Dynamic analysis involves executing a target binary and observing its behavior at runtime. Tools include debuggers (x64dbg, GDB), sandboxes, system-call tracers (strace, API Monitor), network capture (Wireshark), and memory scanners. Dynamic analysis defeats packing and some obfuscation because the code must eventually deobfuscate itself to run. The downside is that only the executed code paths are observed — malware may have dormant branches that only activate under specific conditions. Dynamic analysis is most powerful when combined with static analysis in a hybrid workflow.
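The limitation described above, shown as an added example (not part of the original glossary): a line tracer records which lines of a constructed, benign stand-in function actually run and compares them with the lines that exist statically. The names sample, all_lines, observe and coverage_gap are hypothetical, and a Python function stands in for the target binary.

```python
import dis
import sys

def sample(flag, day):
    """Constructed, benign stand-in for a program under analysis."""
    actions = ["read_config"]
    if flag:
        actions.append("verbose_log")
    if day == 13:
        actions.append("dormant_branch")  # only runs on one specific input
    return actions

def all_lines(func):
    """Static view: body lines of func that hold bytecode (relative to def)."""
    first = func.__code__.co_firstlineno
    return {ln - first for _, ln in dis.findlinestarts(func.__code__)
            if ln is not None and ln > first}

def observe(func, *args):
    """Dynamic view: run func once, return (result, relative lines executed)."""
    code, seen = func.__code__, set()

    def tracer(frame, event, arg):
        if frame.f_code is not code:
            return None                    # ignore every other frame
        if event == "line" and frame.f_lineno > code.co_firstlineno:
            seen.add(frame.f_lineno - code.co_firstlineno)
        return tracer

    previous = sys.gettrace()
    sys.settrace(tracer)
    try:
        result = func(*args)
    finally:
        sys.settrace(previous)             # always restore the old tracer
    return result, seen

def coverage_gap(func, runs):
    """Lines that no run reached: code the dynamic analysis never observed."""
    observed = set()
    for args in runs:
        observed |= observe(func, *args)[1]
    return sorted(all_lines(func) - observed)

if __name__ == "__main__":
    print(coverage_gap(sample, [(False, 5)]))
    print(coverage_gap(sample, [(False, 5), (True, 13)]))
```

The lines left in the gap after a run are the ones to hand to static analysis, which is the hybrid workflow the entry recommends.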