Book description
Malware Forensics: Investigating and Analyzing Malicious Code covers the complete process of responding to a malicious code incident. Written by authors who have investigated and prosecuted federal malware cases, this book deals with the emerging and evolving field of live forensics, where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss live forensics on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system. It is the first book detailing how to perform live forensic techniques on malicious code.
The book gives deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more. It explores over 150 different tools for malware incident response and analysis, including forensic tools for preserving and analyzing computer memory. Readers from all educational and technical backgrounds will benefit from the clear and concise explanations of the applicable legal case law and statutes covered in every chapter. In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter.
This book is intended for system administrators, information security professionals, network personnel, forensic examiners, attorneys, and law enforcement working with the inner-workings of computer memory and malicious code.
- Winner of Best Book Bejtlich read in 2008!
- http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html
- Authors have investigated and prosecuted federal malware cases, which allows them to provide unparalleled insight to the reader
- First book to detail how to perform "live forensic" techniques on malicous code
- In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter
Table of contents
- Cover
- Content
- Title
- Copyright
- Dedication
- Acknowledgements
- Authors
- Technical Editor
- Introduction
-
Chapter 1. Malware Incident Response
- Solutions in this chapter:
- Introduction
- Building Your Live Response Toolkit
- Volatile Data Collection Methodology
- Collecting Process Information
- Correlate Open Ports with Running Processes and Programs
- Identifying Services and Drivers
- Determining Scheduled Tasks
- Collecting Clipboard Contents
- Non-Volatile Data Collection from a Live Windows System
- Forensic Duplication of Storage Media on a Live Windows System
- Forensic Preservation of Select Data on a Live Windows System
- Chapter 2. Malware Incident Response
-
Chapter 3. Memory Forensics
- Solutions in this chapter:
- Introduction
- Memory Forensics Methodology
- Old School Memory Analysis
- Windows Memory Forensics Tools
- Active, Inactive, and Hidden Processes
- How Windows Memory Forensics Tools Work
- Process Memory Dumping and Analysis on a Live Windows System
- Capturing Process and Analyzing Memory
- Linux Memory Forensics Tools
- How Linux Memory Forensics Tools Work
- Process Memory Dumping and Analysis on a Linux Systems
- Capturing and Examining Process Memory
- Conclusions
- Notes
-
Chapter 4. Post-Mortem Forensics
- Solutions in this chapter:
- Introduction
- Forensic Examination of Compromised Windows Systems
- Functional Analysis: Resuscitating a Windows Computer
- Malware Discovery and Extraction from a Windows System
- Inspect Services, Drivers Auto-starting Locations, and Scheduled Jobs
- Advanced Malware Discovery and Extraction from a Windows System
- Conclusion
- Chapter 5. Post-Mortem Forensics
- Chapter 6. Legal Considerations
-
Chapter 7. File Identification and Profiling
- Solutions in this chapter:
- Introduction
- Case Scenario: “Hot New Video!”
- Overview of the File Profiling Process
- Working with Executables
- File Similarity Indexing
- File Signature Identification and Classification
- Symbolic and Debug Information
- File Obfuscation: Packing and Encryption Identification
- Embedded Artifact Extraction Revisited
- Conclusion
- Notes
-
Chapter 8. File Identification and Profiling
- Solutions in this chapter:
- Introduction
- Overview of the File Profiling Process
- Working With Linux Executables
- File Signature Identification and Classification
- Embedded Artifact Extraction: Strings, Symbolic Information, and File Metadata
- File Obfuscation: Packing and Encryption Identification
- Embedded Artifact Extraction Revisited
- Elf File Structure
- Conclusion
- Notes
-
Chapter 9. Analysis of a Suspect Program
- Solutions in this chapter:
- Introduction
- Goals
- Guidelines for Examining a Malicious Executable Program
- Establishing the Environment Baseline
- Pre-execution Preparation: System and Network Monitoring
- System and Network Monitoring: Observing, File System, Process, Network, and API Activity
- Embedded Artifact Extraction Revisited
- Exploring and Verifying Specimen Functionality and Purpose
- Event Reconstruction and Artifact Review: File System, Registry, Process, and Network Activity Post-run Data Analysis
- Summary
-
Chapter 10. Analysis of a Suspect Program
- Solutions in this chapter:
- Introduction
- Analysis Goals
- Pre-Execution Preparation: System and Network Monitoring
- Defeating Obfuscation: Removing the Specimen from its Armor
- Exploring and Verifying Attack Functionality
- Assessing Additional Functionality and Scope of Threat
- Other Considerations
- Summary
- Notes
- Index
- Errata
Product information
- Title: Malware Forensics
- Author(s):
- Release date: August 2008
- Publisher(s): Syngress
- ISBN: 9780080560199
You might also like
book
Malware Forensics Field Guide for Windows Systems
Malware Forensics Field Guide for Windows Systems is a handy reference that shows students the essential …
book
Malware Forensics Field Guide for Linux Systems
Malware Forensics Field Guide for Linux Systems is a handy reference that shows students the essential …
book
Hacking Exposed Malware & Rootkits: Security Secrets and Solutions, Second Edition, 2nd Edition
Arm yourself for the escalating war against malware and rootkits Thwart debilitating cyber-attacks and dramatically improve …
book
Network Security First-Step, Second Edition
Network Security first-step Second Edition Tom Thomas and Donald Stoddard Your first step into the world …