If you're in that situation or are the type who just likes to get your hands dirty, then I've got some tools and resources to help you jump right into file analysis of Adobe Flash and Acrobat files. For Flash files, I typically use SWFTools to pull out strings that might indicate malicious intent and to extract embedded files and scripts. There is also Flare and a tool I just saw mentioned at Paul Melson's blog called Sothink SWF Decompiler, which looks promising.
Didier Stevens' PDF Tools are excellent for dealing with PDFs that you suspect are malicious. It's important to point out that these tools don't tell you whether the file contains something malicious. They are analysis tools to help you make that determination. To help you better understand what they can do for you, take a look at the recent analysis write-ups at the Internet Storm Center.
As you can see from the ISC examples, analyzing files looking for maliciousness is not an easy task. The tools are available if you're up to the challenge, and with the current PDF-based attacks, there are plenty of samples to analyze.
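To make the PDF triage discussed above concrete, here is an added example (not from the original post, and not Didier Stevens' code): a small Python scan that counts PDF name tokens an analyst would review first, resolving `#xx` hex escapes so obfuscated names are still counted. The token list, function names and sample bytes are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Names an analyst commonly reviews first. This list is an assumption made
# for illustration; it is not taken from the post or from a specific tool.
INTERESTING = ("/JS", "/JavaScript", "/OpenAction", "/AA", "/Launch",
               "/EmbeddedFile", "/AcroForm", "/ObjStm")

# A PDF name is "/" followed by characters that are not whitespace or delimiters.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Resolve #xx escapes so '/J#61vaScript' compares equal to '/JavaScript'."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def triage(data: bytes) -> dict:
    """Count interesting names and record which ones were hex-obfuscated."""
    counts, obfuscated = Counter(), Counter()
    for match in NAME_RE.finditer(data):
        raw = match.group(0)
        name = decode_name(raw)
        if name in INTERESTING:          # exact match: "/JSfoo" is not "/JS"
            counts[name] += 1
            if b"#" in raw:              # name was written with hex escapes
                obfuscated[name] += 1
    return {"header_ok": data.lstrip()[:5] == b"%PDF-",
            "counts": dict(counts),
            "obfuscated": dict(obfuscated)}


# Constructed sample input (not a real specimen): a catalog with an
# /OpenAction pointing at an action whose type name is hex-obfuscated.
SAMPLE = (b"%PDF-1.4\n"
          b"1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /J#61vaScript /JS (0;) >>\nendobj\n"
          b"%%EOF\n")

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Nonzero counts are leads for manual review, not a verdict, and names inside compressed streams are invisible to a raw byte scan like this one.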
John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.