From 0a816236700ba51631c915f3bbb55aa04f02f3b6 Mon Sep 17 00:00:00 2001 From: Matteo Cafasso Date: Sun, 22 Jan 2017 13:12:43 +0200 Subject: [PATCH] documentation: small fixes to the tutorial Signed-off-by: Matteo Cafasso --- doc/tutorial_conclusions.rst | 4 ++-- doc/tutorial_hellomalware.rst | 14 +++++++------- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/doc/tutorial_conclusions.rst b/doc/tutorial_conclusions.rst index efb2a5d..52b3117 100644 --- a/doc/tutorial_conclusions.rst +++ b/doc/tutorial_conclusions.rst @@ -193,8 +193,8 @@ Here follows the source code and configuration used in the examples. "name": "plugins.network.NetworkAnalysisHook", "configuration": { "start_processing_on_event": "start_analysis", - "wait_processing_on_event": "wait_analysis", - "log_format": "text" + "wait_processing_on_event": "wait_analysis", + "log_format": "text" } } ] diff --git a/doc/tutorial_hellomalware.rst b/doc/tutorial_hellomalware.rst index 2487fdd..1a621cd 100644 --- a/doc/tutorial_hellomalware.rst +++ b/doc/tutorial_hellomalware.rst 
@@ -12,19 +12,19 @@ The sample we are about to execute is a simple ransomware. Ransomware are good a We will adopt the execution Protocol shown in the chapter `Plugins and Protocol`. In addition to that, we will use some of the provided `example plugins `_. -It might be necessary to apply further changes withing the Guest Operating System. Services such as the Windows Firewall and Windows Defender might prevent the samples to show their full behaviour. +It might be necessary to apply further changes within the Guest Operating System. Services such as the Windows Firewall and Windows Defender might prevent the samples from showing their full behaviour. Behavioural analysis -------------------- -The behavioural analysis is usually divided in two stages. The first stage takes care of acquiring the beharioural data while the Sandbox is executing. The second stage, run at the end of the Sandbox execution, will analyse the collected data and produce a report. +The behavioural analysis is usually divided in two stages. The first stage takes care of acquiring the behavioural data while the Sandbox is executing. The second stage, which will take place at the end of the Sandbox execution, will analyse the collected data and produce a report. Disk behaviour ++++++++++++++ The disk behaviour is gathered by taking two snapshots of the disk, before and after the sample execution. Once done, we compare the two snapshots extracting all the occurred changes. -The disk behaviour logic is contained within the `disk plugin `_. The `DiskCheckPointHook` takes care of collecting the disk snapshots, we will configure it to take two snapshots at the `ip_address` and at the `post_poweroff` Events occurrence. This will allows a good coverage of the changes reducing a bit the noise. The `DiskStateAnalyser` will take care of analysing the snapshots. As the analysis is asynchronous, we need to specify when to start it and when to wait for its conclusion. 
The protocol's `start_analysis` and `wait_analysis` Events suit our needs. +The disk behaviour logic is contained within the `disk plugin `_. The `DiskCheckPointHook` takes care of collecting the disk snapshots. We will configure it to take two snapshots at the `ip_address` and at the `post_poweroff` Events occurrence. This will allows a good coverage of the changes reducing a bit the noise. The `DiskStateAnalyser` will take care of analysing the snapshots. As the analysis is asynchronous, we need to specify when to start it and when to wait for its conclusion. The protocol's `start_analysis` and `wait_analysis` Events suit our needs. The report will be stored in the path given as `results_folder` with the file name `filesystem.json`. It will contain information about created, deleted and modified files and Windows registry keys. @@ -33,7 +33,7 @@ Memory behaviour The memory behaviour is gathered by taking a memory snapshot of the running virtual machine. The memory snapshot will be analysed using Volatility. -The memory behaviour logic is contained within the `memory plugin `_. The `MemoryHook` takes care of collecting the memory snapshots, we will configure it to take a single snapshot at the `snapshots_capture` Event occurrence. The `VolatilityHook` will take care of analysing the snapshot. As for the Disk analysis hook, the analysis is asynchronous. +The memory behaviour logic is contained within the `memory plugin `_. The `MemoryHook` takes care of collecting the memory snapshots. We will configure it to take a single snapshot at the `snapshots_capture` Event occurrence. The `VolatilityHook` will take care of analysing the snapshot. As for the Disk analysis hook, the analysis is asynchronous. Furthermore, the `VolatilityHook` requires a profile to be specified and a set of scanning plugins to use. As we are running a Windows 7 32 bit, the `Win7SP1x86` profile is the one to be used. For the plugins, we can select the `mutantscan` and the `psscan` ones. 
@@ -42,9 +42,9 @@ The `VolatilityHook` will generate a report file per each Volatility plugin. The Network behaviour +++++++++++++++++ -The memory behaviour is gathered by tracing the network traffic of the running virtual machine. The network trace will be analysed using Tshark. +The network behaviour is gathered by tracing the network traffic of the running virtual machine. The network trace will be analysed using Tshark. -The network behaviour logic is contained within the `network plugin `_. The `NetworkTracerHook` takes care of tracing the network traffic, we will configure it to start tracing at the `ip_address` Event occurrence. The `NetworkAnalysisHook` will take care of analysing the network trace. As for the Disk and Memory analysis hooks, the analysis is asynchronous. +The network behaviour logic is contained within the `network plugin `_. The `NetworkTracerHook` takes care of tracing the network traffic. We will configure it to start tracing at the `ip_address` Event occurrence. The `NetworkAnalysisHook` will take care of analysing the network trace. As for the Disk and Memory analysis hooks, the analysis is asynchronous. The report will be stored in the path given as `results_folder` with the file name `network.log`. It will contain the list of exchanged packets. @@ -93,7 +93,7 @@ When analyzing the created files, we can notice how the executable gets dropped }, ... -As well, the sample creates multiple Windows Task to ensure the sample execution at startup. +As well, the sample creates multiple Windows Tasks to ensure the sample execution at startup. ::
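Review bot: the `tutorial_conclusions.rst` hunk (`@@ -193,8 +193,8 @@`) changes only the leading whitespace of the `"wait_processing_on_event"` and `"log_format"` lines, which is invisible in the rendered diff; since this JSON sits in an rst literal block where indentation is reproduced verbatim, please mention the indentation fix in the commit message so a later reader of `git log` does not have to re-diff with whitespace shown to understand what changed.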
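Review bot: in the `tutorial_hellomalware.rst` hunk `@@ -12,19 +12,19 @@`, the added "Disk behaviour" line still carries the agreement error "This will allows a good coverage of the changes reducing a bit the noise."; while you are splitting that paragraph, change it to "This allows good coverage of the changes while reducing the noise a bit." The same hunk's unchanged context line "The behavioural analysis is usually divided in two stages." should read "divided into two stages". The corrected Firewall/Defender sentence is fine as is, but the tutorial never says that those changes are meant only for the isolated analysis guest; one clause to that effect would keep a reader from weakening a general-purpose machine.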
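Review bot: the `@@ -33,7 +33,7 @@` hunk fixes the comma splice correctly, but its unchanged context line "As we are running a Windows 7 32 bit, the `Win7SP1x86` profile is the one to be used." is missing a noun and a hyphen; suggest "As our guest is a 32-bit Windows 7 SP1, `Win7SP1x86` is the profile to use.", which also makes explicit that the profile has to match the guest's service pack, not just its architecture.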
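Review bot: the `@@ -42,9 +42,9 @@` hunk's correction of "memory behaviour" to "network behaviour" fixes a real copy-paste error in the Network section, good catch; in the same added line, "Tshark" should be spelled `TShark`, the capitalisation the Wireshark documentation uses for the CLI tool, so that readers searching for the name find it.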
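Review bot: the `@@ -93,7 +93,7 @@` hunk pluralises "Windows Tasks" but leaves the sentence awkward; "As well, the sample creates multiple Windows Tasks to ensure the sample execution at startup." reads better as "The sample also creates multiple Windows scheduled tasks to ensure it is executed at startup.", which names the persistence mechanism the following listing shows.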