Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data

1st Edition

An Excerpt from Malware Forensics Field Guide for Linux Systems

Authors:

Description

Linux Malware Incident Response is a "first look" at the Malware Forensics Field Guide for Linux Systems, exhibiting the first steps in investigating Linux-based incidents. The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a "toolkit" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator with clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a lab.

Key Features

  • Presented in a succinct outline format with cross-references to included supplemental components and appendices
  • Covers volatile data collection methodology as well as non-volatile data collection from a live Linux system
  • Addresses malware artifact discovery and extraction from a live Linux system

Readership

Designed and written for malware forensics investigators and analysts, law enforcement, and legal professionals.

Table of Contents

Dedication

Introduction

How to Use This Book

Investigative Approach

Forensic Analysis in Malware Investigations

Applying Forensics to Malware

From Malware Analysis to Malware Forensics

Chapter 1. Linux Malware Incident Response

Introduction

Volatile Data Collection Methodology

Nonvolatile Data Collection from a Live Linux System

Conclusion

Appendix 1

Incident Response Tool Suites

Remote Collection Tools

Volatile Data Collection and Analysis Tools

Collecting Subject System Details

Identifying Users Logged into the System

Network Connections and Activity

Process Analysis

Loaded Modules

Opened Files

Command History

Appendix 2

Live Response: Field Notes

Appendix 3

Live Response: Field Interview Questions

Appendix 4

Pitfalls to Avoid

Selected Readings

Details

No. of pages: 134
Language: English
Copyright: © 2013
Published:
Imprint: Syngress
Electronic ISBN: 9780124114890
Print ISBN: 9780124095076

About the authors