Chapter 3
Post-Mortem Forensics
Discovering and Extracting Malware and Associated Artifacts from Windows Systems
Solutions in this chapter:
• Windows Forensic Analysis Overview
• Forensic Examination of Compromised Windows Systems
• Malware Discovery and Extraction from Windows Systems
• Examine Windows File System
• Examine Windows Registry
• Keyword Searching
• Forensic Reconstruction of Compromised Windows Systems
• Advanced Malware Discovery and Extraction from a Windows System
Introduction
If live system analysis can be considered surgery, forensic examination of Windows systems can be considered an autopsy of a computer impacted by malware. Trace evidence relating to a particular piece of malware may be found in various places on the ...