Malware Forensics Field Guide for Windows Systems Digital Forensics Field Guides
Auteurs : Malin Cameron H., Casey Eoghan, Aquilina James M.
Malware Forensics Field Guide for Windows Systems is a handy reference that shows students the essential tools needed to do computer forensics analysis at the crime scene. It is part of Syngress Digital Forensics Field Guides, a series of companions for any digital and computer forensic student, investigator or analyst. Each Guide is a toolkit, with checklists for specific tasks, case studies of difficult situations, and expert analyst tips that will aid in recovering data from digital media that will be used in criminal prosecution.
This book collects data from all methods of electronic data storage and transfer devices, including computers, laptops, PDAs and the images, spreadsheets and other types of files stored on these devices. It is specific for Windows-based systems, the largest running OS in the world. The authors are world-renowned leaders in investigating and analyzing malicious code. Chapters cover malware incident response - volatile data collection and examination on a live Windows system; analysis of physical and process memory dumps for malware artifacts; post-mortem forensics - discovering and extracting malware and associated artifacts from Windows systems; legal considerations; file identification and profiling initial analysis of a suspect file on a Windows system; and analysis of a suspect program.
This field guide is intended for computer forensic investigators, analysts, and specialists.
Chapter 1. Malware Incident Response: Volatile Data Collection and Examination on a Live Windows System Chapter 2. Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts Chapter 3. Post-Mortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Windows Systems Chapter 4. Legal Considerations Chapter 5. File Identification and Profiling Initial Analysis of a Suspect File on a Windows System Chapter 6. Analysis of a Suspect Program Appendix A: Tool Glossary
Eoghan Casey is an internationally recognized expert in data breach i
- A condensed hand-held guide complete with on-the-job tasks and checklists
- Specific for Windows-based systems, the largest running OS in the world
- Authors are world-renowned leaders in investigating and analyzing malicious code
Date de parution : 07-2012
Ouvrage de 560 p.
15.2x22.8 cm
Thèmes de Malware Forensics Field Guide for Windows Systems :
Mots-clés :
Active system monitoring; Affirmative evidence; Antivirus software; API call; Auto-starting location; Binder; Computer trespasser exception; Consent exception; Cryptor; Digital impression evidence; Digital trace evidence; Dr; Watson log; Dynamic analysis; Environment baseline; EPROCESS; Event Log; Executable; FastDump; File camouflaging; File profiling; F-Response; Fuzzy hashing; Hash value; Health Insurance Portability and Accountability Act; Host integrity monitor; Impression evidence; Jurisdictional authority; Keyword search; Live response; Local collection; Master file table; Memory dump; Memory forensics; Memoryze; Message-Digest 5; Metadata; NetBIOS; Netcat listener; Nigilant32; Obfuscation; Packer; Passive system monitoring; Phylogeny; Piecewise hash; Postmortem forensics; Prefetch file; Private authority; Private provider; Process; Protected data; Provider exception; Public provider; Real-time data; Registry entry; Registry monitoring; Remote collection; Restore point; Sandbox; Sarbanes-Oxley Act; Stateful information; Static analysis; Statutory/public authority; String; Suspicious file; System snapshot; Thread; Trace evidence; Virtualization; Volatile data; Volatility plug-in; Wireshark
