Automate, Automate, Automate
Essentially, this is about consistency, speed, and noise reduction. The more efficient you are at isolating the bits you care about in an executable the better you'll be. Sandboxes and other dynamic tools are great especially when you're just looking for some quick data on what hosts a piece of malware is calling out to.
I really like the tools that let you script these problems away. pefile and pydasm are two favorites of mine. The ability to code up tests in python based on these libraries has really speed up my investigations.
Automation is also about learning from your mistakes, so you don't make them again.
During a reversing session where I was looking at an app in OllyDbg I forgot to check for the redpill instructions, in the piece of malware I was pulling apart. Once I found the SIDT instruction I kicked myself for wasting hours. But afterwards I added a new test to my little quick_analysis.py script it uses pydasm to disassemble each section looking for any intel instructions related to NoPill and RedPill checks, and lists the rva and instruction. The idea being that I can then set breakpoints in OllyDbg.
Make Sure You Know What the Expected Behavior Of the App And The OS Is
The most difficult thing for new reversers is knowing what different API calls do and where various resources live. Like most stuff this takes patience and a lot of searching most often through MSDN. However the point I wanted to make was that often when looking at a new application people don't take the time to read the manual on describing what the functionality of app is. Trust me it's worth the time, you invest up front.
