Malware Forensics : Investigating and

Malware Forensics: Investigating and Analyzing Malicious Code covers the emerging and evolving field of "live forensics," where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss "live forensics" on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system. Malware Forensics: Investigating and Analyzing Malicious Code also devotes extensive coverage of the burgeoning forensic field of physical and process memory analysis on both Windows and Linux platforms. This book provides clear and concise guidance as to how to forensically capture and examine physical and process memory as a key investigative step in malicious code forensics. Prior to this book, competing texts have described malicious code, accounted for its evolutionary history, and in some instances, dedicated a mere chapter or two to analyzing malicious code. Conversely, Malware Forensics: Investigating and Analyzing Malicious Code emphasizes the practical "how-to" aspect of malicious code investigation, giving deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more. * Authors have investigated and prosecuted federal malware cases, which allows them to provide unparalleled insight to the reader. * First book to detail how to perform "live forensic" techniques on malicous code. * In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter

Introduction
Malware Incident Response: Volatile Data Collection and Examination on a Live Windows System
Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System
Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts
Post-Mortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Windows Systems
Post-Mortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Linux Systems
Legal Considerations
File Identification and Profiling: Initial Analysis of a Suspect File on a Windows System
File Identification and Profiling: Initial Analysis of a Suspect File On a Linux System
Analysis of a Suspect Program: Windows
Analysis of a Suspect Program
Linux
Index
Table of Contents provided by Publisher. All Rights Reserved.

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

FREE SHIPPING

Amazon no longer offers textbook rentals. We do!

Malware Forensics : Investigating and Analyzing Malicious Code

Summary

Table of Contents

Supplemental Materials