Chapter 3

Post-Mortem Forensics

Discovering and Extracting Malware and Associated Artifacts from Windows Systems

Solutions in this chapter:

• Windows Forensic Analysis Overview

• Forensic Examination of Compromised Windows Systems

• Malware Discovery and Extraction from Windows Systems

• Examine Windows File System

• Examine Windows Registry

• Keyword Searching

• Forensic Reconstruction of Compromised Windows Systems

• Advanced Malware Discovery and Extraction from a Windows System

Introduction

If live system analysis can be considered surgery, forensic examination of Windows systems can be considered an autopsy of a computer impacted by malware. Trace evidence relating to a particular piece of malware may be found in various places on the ...
