This paper outlines the steps needed to build a customizable automated malware analysis station using only freely available components, with the exception of the target OS (Windows XP) itself. A special focus lies on handling a huge number of malware samples and on the actual implementation at CERT.at. The primary goal is that the reader of this paper should be able to build her own specific installation and configuration while remaining free to decide which components to use.
The first part of this document covers the theoretical, strategic and methodological aspects. The second part focuses on the practical aspects, diving into CERT.at's automated malware analysis station and closing with an easy-to-follow, step-by-step tutorial on how to build the CERT.at implementation for your own use. So feel free to skip parts.