Malware analysis is becoming an important specialization in the field of digital investigation. Reverse analysis is the most common method in analyzing malware. The reverse analysis process is an advanced and efficient method that exposes the intention and processes of malware. This paper introduces the basic concepts, methods, and tools of the reverse analysis process. A true case study of malware in China, used to obtain QQ account information and passwords, is presented to illustrate the whole process of the reverse analysis process of malware from the aspects of checking pack, unpacking, breakpoint setting, program tracing, anti-kill technique and key information acquiring.