Malware Analysis is typically carried out in response to a malware outbreak: when anti-virus tools fail to detect and remove a threat, or when a client wishes to know more about a particular malware body that has worked its way onto their network.
Malware Analysis can be performed on suspected malicious files to build up a working knowledge of the potential impact of a malware infection, for example: What does the malware do? What data could it have modified, copied or deleted? Could it create a remote back door into the network?
Testing of malware is generally broken down into a number of phases. Testers use a number of forensic techniques to safely isolate and copy the malware body; this can then be taken back to the CNS lab for further analysis in a secure, isolated environment. Analysis will typically be based upon live behaviour in a sandboxed environment; dynamic analysis to observe every minor change the malware makes to a system (network connections, registry changes, file modifications, etc.); and finally static analysis, where a full disassembly and code review of the malicious binary takes place to reveal the malware's precise functionality.
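The dynamic-analysis phase described above rests on a simple idea: record the state of the sandbox before the sample runs, record it again afterwards, and diff the two. The script below is an added example (not CNS's own tooling) of that before/after comparison applied to a directory tree, using file hashes so that edits to existing files are caught as well as new and deleted ones. The "sample behaviour" in `demo()` is constructed for illustration and simply writes, edits and removes a few files in a temporary directory; no real malware is involved.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Walk root and return {relative path: sha256 hex digest} for every file.

    Hashing (rather than just listing names) means a file whose contents
    changed but whose name did not is still reported as modified.
    """
    root = Path(root)
    state = {}
    for path in root.rglob("*"):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            state[str(path.relative_to(root))] = digest
    return state


def diff_snapshots(before, after):
    """Compare two snapshots and classify each path as created, deleted or modified."""
    before_paths, after_paths = set(before), set(after)
    created = sorted(after_paths - before_paths)
    deleted = sorted(before_paths - after_paths)
    modified = sorted(
        p for p in before_paths & after_paths if before[p] != after[p]
    )
    return {"created": created, "deleted": deleted, "modified": modified}


def demo():
    """Constructed scenario: a stand-in 'sample' drops one file, edits one and removes one."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        # Baseline contents of the sandbox (constructed)
        (root / "config.ini").write_text("setting=1\n")
        (root / "notes.txt").write_text("hello\n")
        (root / "old.log").write_text("stale\n")
        before = snapshot(root)

        # Simulated sample behaviour (constructed, not real malware):
        # drop a new file, append to a config, delete a log.
        (root / "dropper.dll").write_bytes(b"\x00placeholder")
        (root / "config.ini").write_text("setting=1\nautostart=1\n")
        (root / "old.log").unlink()
        after = snapshot(root)

        return diff_snapshots(before, after)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In a real lab the same before/after comparison is taken over more than the file system (registry hives, scheduled tasks, services, open network connections), and the diff output becomes the list of indicators that later static analysis has to explain.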