 |
|
| MALWARE FORENSICS
| |
| | |
|
|
Investigating and Analyzing Malicious Code
To order this title, and for more information, click here
By
Cameron Malin, Special Agent with the Federal Bureau of Investigation.
Eoghan Casey, BS, MA, Eoghan Casey, BS, MA, cmdLabs, Baltimore, MD, USA
James Aquilina, Managing Director and Deputy General Counsel of Stroz Friedberg, LLC
Description
Malware Forensics: Investigating and Analyzing Malicious Code covers the emerging and evolving field of "live forensics," where
investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike
other forensic texts that discuss "live forensics" on a particular operating system, or in a generic context, this book emphasizes a
live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing
malicious code and evidence of its effect on the compromised system. Malware Forensics: Investigating and Analyzing Malicious
Code also devotes extensive coverage of the burgeoning forensic field of physical and process memory analysis on both Windows and
Linux platforms. This book provides clear and concise guidance as to how to forensically capture and examine physical and process memory
as a key investigative step in malicious code forensics.
Prior to this book, competing texts have described malicious code, accounted
for its evolutionary history, and in some instances, dedicated a mere chapter or two to analyzing malicious code. Conversely, Malware
Forensics: Investigating and Analyzing Malicious Code emphasizes the practical "how-to" aspect of malicious code investigation,
giving deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and
port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection,
disassembling, debugging), and more.
Audience
Malware Forensics: Investigating and Analyzing Malicious Code is intended for system administrators, information security professionals,
network personnel, forensic examiners, attorneys, and law enforcement working with the inner-workings of computer memory and malicious
code. Exploring over 150 different tools for malware incident response and analysis, including forensic tools for preserving and analyzing
computer memory, this book will benefit readers familiar with both Microsoft Windows and Linux operating systems. Readers from all educational
and technical backgrounds will benefit from the clear and concise explanations of the applicable legal case law and statutes covered
in every chapter.
Contents
Introduction
Chapter 1:
Malware Incident Response: Volatile Data Collection and Examination on a Live Windows System
Chapter
2:
Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System
Chapter 3:
Memory
Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts
Chapter 4:
Post-Mortem Forensics: Discovering
and Extracting Malware and Associated Artifacts from Windows Systems
Chapter 5:
Post-Mortem Forensics: Discovering and
Extracting Malware and Associated Artifacts from Linux Systems
Chapter 6:
Legal Considerations
Chapter 7:
File
Identification and Profiling: Initial Analysis of a Suspect File on a Windows System
Chapter 8:
File Identification and
Profiling: Initial Analysis of a Suspect File On a Linux System
Chapter 9:
Analysis of a Suspect Program: Windows
Chapter
10:
Analysis of a Suspect Program: Linux
Index
| Bibliographic details |
Paperback, 592 pages, publication date: JUN-2008
ISBN-13: 978-1-59749-268-3
Imprint: SYNGRESS
|
| Price and Ordering |
Price:
USD 69.95
EUR 49.95
GBP 41.99
|  |
Books and book related electronic products are priced in US dollars (USD), euro (EUR), and Great Britain Pounds (GBP). USD prices apply to the Americas and Asia Pacific. EUR prices apply in Europe and the Middle East. GBP prices apply to the UK and all other countries.
|
See also information about conditions of sale & ordering procedures, and links to our regional sales offices.
|
999/999
Last update: 22 Sep 2009
|
|
| |
| | |
|
|
| |
Home | Elsevier Sites | Privacy Policy | Terms and Conditions | Feedback | Site Map | A Reed Elsevier Company