Malin, Cameron H.

Malware Forensics Field Guide for Linux Systems : Digital Forensics Field Guides - Burlington : Elsevier Science, 2013. - 1 online resource (1037 p.) - eBooks on Demand .

Cover image; Title page; Table of Contents; Copyright; Dedication; Acknowledgments; Special Thanks to the Technical Editor; Biography; About the Authors; About the Technical Editor; Introduction; Introduction to Malware Forensics; Class Versus Individuating Characteristics; Chapter 1. Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System; Solutions in this chapter:; Introduction; Volatile Data Collection Methodology; Nonvolatile Data Collection from a Live Linux System; Conclusion; Pitfalls to Avoid; Incident Tool Suites; Remote Collection Tools Volatile Data Collection and Analysis ToolsCollecting Subject System Details; Identifying Users Logged into the System; Network Connections and Activity; Process Analysis; Loaded Modules; Open Files; Command History; Selected Readings; Linux Memory Forensics Tools; Interpreting Various Data Structures in Linux Memory; Dumping Linux Process Memory; Dissecting Linux Process Memory; Conclusions; Pitfalls to Avoid; Field Notes: Memory Forensics; Selected Readings; Chapter 2. Linux Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts; Solutions in this Chapter: IntroductionMemory Forensics Overview; "Old School" Memory Analysis; How Linux Memory Forensics Tools Work; Chapter 3. Postmortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Linux Systems; Solutions in this Chapter; Introduction; Linux Forensic Analysis Overview; Malware Discovery and Extraction from a Linux System; Examine Linux File System; Examine Application Traces; Keyword Searching; Forensic Reconstruction of Compromised Linux Systems; Advanced Malware Discovery and Extraction from a Linux System; Conclusions; Pitfalls to Avoid Field Notes: Linux System ExaminationsForensic Tool Suites; Timeline Generation; Selected Readings; Chapter 4. Legal Considerations; Solutions in this Chapter:; Framing the Issues; General Considerations; Sources of Investigative Authority; Statutory Limits on Authority; Tools for Acquiring Data; Acquiring Data Across Borders; Involving Law Enforcement; Improving Chances for Admissibility; State Private Investigator and Breach Notification Statutes; International Resources:; The Federal Rules: Evidence for Digital Investigators Chapter 5. File Identification and Profiling: Initial Analysis of a Suspect File on a Linux SystemSolutions in this Chapter:; Introduction; Overview of the File Profiling Process; Working With Linux Executables; File Similarity Indexing; File Visualization; Symbolic and Debug Information; Embedded File Metadata; File Obfuscation: Packing and Encryption Identification; Embedded Artifact Extraction Revisited; Executable and Linkable Format (ELF); Profiling Suspect Document Files; Profiling Adobe Portable Document Format (PDF) Files; Profiling Microsoft (MS) Office Files; Conclusion Pitfalls to Avoid

The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a ""toolkit"" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a lab.

9781597494717 49.42 (UA)

Computer networks -- Examinations -- Study guides.
Computer security.
Linux -- Examinations -- Study guides.
Operating systems (Computers) -- Examinations -- Study guides.

Electronic books.

QA76.9.A25 .M384 2013