Chapter 3

Postmortem Forensics

Discovering and Extracting Malware and Associated Artifacts from Linux Systems

Solutions in this Chapter

• Linux Forensic Analysis Overview

• Malware Discovery and Extraction from a Linux System

• Examine Linux File System

• Examine Linux Configuration Files

• Keyword Searching

• Forensic Reconstruction of Compromised Linux Systems

• Advanced Malware Discovery and Extraction from a Linux System

Introduction

If live system analysis can be considered surgery, forensic examination of Linux systems can be considered an autopsy of a computer impacted by malware. Trace evidence relating to a particular piece of malware may be found in various locations on the hard drive of a compromised host, including files, configuration ...

Source: Malware Forensics Field Guide for Linux Systems (excerpt hosted on the O'Reilly learning platform).