Malware Forensics Field Guide for Linux Systems : Digital Forensics Field GuidesMaterial type: TextSeries: eBooks on DemandPublisher: Burlington : Elsevier Science, 2013Description: 1 online resource (1037 p.)ISBN: 9781597494717Subject(s): Computer networks -- Examinations -- Study guides | Computer security | Linux -- Examinations -- Study guides | Operating systems (Computers) -- Examinations -- Study guidesGenre/Form: Electronic books.Additional physical formats: Print version:: Malware Forensics Field Guide for Linux Systems : Digital Forensics Field GuidesDDC classification: 005.8 LOC classification: QA76.9.A25 .M384 2013Online resources: Click here to view this ebook.
|Item type||Current location||Call number||URL||Status||Date due||Barcode|
|Electronic Book||UT Tyler Online Online||QA76.9.A25 .M384 2013 (Browse shelf)||http://uttyler.eblib.com/patron/FullRecord.aspx?p=1115128||Available||EBL1115128|
Browsing UT Tyler Online shelves, Shelving location: Online Close shelf browser
|QA76.9.A25 .M355 2015 Applied Cryptography and Network Security : 13th International Conference, ACNS 2015, New York, NY, USA, June 2-5, 2015, Revised Selected Papers.||QA76.9.A25 .M368 2016 Applied Cryptography and Network Security : 14th International Conference, ACNS 2016, Guildford, UK, June 19-22, 2016. Proceedings.||QA76.9.A25.M375 2003eb Mastering Web Services Security.||QA76.9.A25 .M384 2013 Malware Forensics Field Guide for Linux Systems :||QA76.9.A25 .M384 2014 Hardware Security :||QA76.9.A25 .M389 2016 Graphical Models for Security : Second International Workshop, GraMSec 2015, Verona, Italy, July 13, 2015, Revised Selected Papers.||QA76.9.A25 M396 2007 Metasploit Toolkit for Penetration Testing, Exploit Development, and Vulnerability Research.|
Cover image; Title page; Table of Contents; Copyright; Dedication; Acknowledgments; Special Thanks to the Technical Editor; Biography; About the Authors; About the Technical Editor; Introduction; Introduction to Malware Forensics; Class Versus Individuating Characteristics; Chapter 1. Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System; Solutions in this chapter:; Introduction; Volatile Data Collection Methodology; Nonvolatile Data Collection from a Live Linux System; Conclusion; Pitfalls to Avoid; Incident Tool Suites; Remote Collection Tools
Volatile Data Collection and Analysis ToolsCollecting Subject System Details; Identifying Users Logged into the System; Network Connections and Activity; Process Analysis; Loaded Modules; Open Files; Command History; Selected Readings; Linux Memory Forensics Tools; Interpreting Various Data Structures in Linux Memory; Dumping Linux Process Memory; Dissecting Linux Process Memory; Conclusions; Pitfalls to Avoid; Field Notes: Memory Forensics; Selected Readings; Chapter 2. Linux Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts; Solutions in this Chapter:
IntroductionMemory Forensics Overview; "Old School" Memory Analysis; How Linux Memory Forensics Tools Work; Chapter 3. Postmortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Linux Systems; Solutions in this Chapter; Introduction; Linux Forensic Analysis Overview; Malware Discovery and Extraction from a Linux System; Examine Linux File System; Examine Application Traces; Keyword Searching; Forensic Reconstruction of Compromised Linux Systems; Advanced Malware Discovery and Extraction from a Linux System; Conclusions; Pitfalls to Avoid
Field Notes: Linux System ExaminationsForensic Tool Suites; Timeline Generation; Selected Readings; Chapter 4. Legal Considerations; Solutions in this Chapter:; Framing the Issues; General Considerations; Sources of Investigative Authority; Statutory Limits on Authority; Tools for Acquiring Data; Acquiring Data Across Borders; Involving Law Enforcement; Improving Chances for Admissibility; State Private Investigator and Breach Notification Statutes; International Resources:; The Federal Rules: Evidence for Digital Investigators
Chapter 5. File Identification and Profiling: Initial Analysis of a Suspect File on a Linux SystemSolutions in this Chapter:; Introduction; Overview of the File Profiling Process; Working With Linux Executables; File Similarity Indexing; File Visualization; Symbolic and Debug Information; Embedded File Metadata; File Obfuscation: Packing and Encryption Identification; Embedded Artifact Extraction Revisited; Executable and Linkable Format (ELF); Profiling Suspect Document Files; Profiling Adobe Portable Document Format (PDF) Files; Profiling Microsoft (MS) Office Files; Conclusion
Pitfalls to Avoid
The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a ""toolkit"" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a lab.
Description based upon print version of record.