Investigating the structure of programs and executables in order to understand where information is in memory, how programs run and how malware can be created.
INFORMATION INCLUDED IN THIS CHAPTER:
• Windows Portable Executable
• Linux Executable and Linkable Format
• Mac OS X Application Bundles
• .NET Common Language Runtime
• System Calls and Tracing
At the core of any computer system are the programs that run on it. It might normally go without saying, but I am going to say it anyway. Those programs are what make computers useful but, more importantly, provide us with artifacts, which make sure that forensic ...