Malware Forensics Field Guide for Linux Systems : Digital Forensics Field Guides

By: Malin, Cameron H.
Contributor(s): Casey, Eoghan | Aquilina, James M.
Material type: Text
Series: eBooks on Demand
Publisher: Burlington : Elsevier Science, 2013
Description: 1 online resource (1037 p.)
ISBN: 9781597494717
Subject(s): Computer networks -- Examinations -- Study guides | Computer security | Linux -- Examinations -- Study guides | Operating systems (Computers) -- Examinations -- Study guides
Genre/Form: Electronic books.
Additional physical formats: Print version: Malware Forensics Field Guide for Linux Systems : Digital Forensics Field Guides
DDC classification: 005.8
LOC classification: QA76.9.A25 .M384 2013
Online resources: Click here to view this ebook.
Contents:
Cover image; Title page; Table of Contents; Copyright; Dedication; Acknowledgments; Special Thanks to the Technical Editor; Biography; About the Authors; About the Technical Editor; Introduction; Introduction to Malware Forensics; Class Versus Individuating Characteristics; Chapter 1. Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System; Solutions in this chapter:; Introduction; Volatile Data Collection Methodology; Nonvolatile Data Collection from a Live Linux System; Conclusion; Pitfalls to Avoid; Incident Tool Suites; Remote Collection Tools
Volatile Data Collection and Analysis Tools; Collecting Subject System Details; Identifying Users Logged into the System; Network Connections and Activity; Process Analysis; Loaded Modules; Open Files; Command History; Selected Readings; Linux Memory Forensics Tools; Interpreting Various Data Structures in Linux Memory; Dumping Linux Process Memory; Dissecting Linux Process Memory; Conclusions; Pitfalls to Avoid; Field Notes: Memory Forensics; Selected Readings; Chapter 2. Linux Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts; Solutions in this Chapter:
Introduction; Memory Forensics Overview; "Old School" Memory Analysis; How Linux Memory Forensics Tools Work; Chapter 3. Postmortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Linux Systems; Solutions in this Chapter; Introduction; Linux Forensic Analysis Overview; Malware Discovery and Extraction from a Linux System; Examine Linux File System; Examine Application Traces; Keyword Searching; Forensic Reconstruction of Compromised Linux Systems; Advanced Malware Discovery and Extraction from a Linux System; Conclusions; Pitfalls to Avoid
Field Notes: Linux System Examinations; Forensic Tool Suites; Timeline Generation; Selected Readings; Chapter 4. Legal Considerations; Solutions in this Chapter:; Framing the Issues; General Considerations; Sources of Investigative Authority; Statutory Limits on Authority; Tools for Acquiring Data; Acquiring Data Across Borders; Involving Law Enforcement; Improving Chances for Admissibility; State Private Investigator and Breach Notification Statutes; International Resources:; The Federal Rules: Evidence for Digital Investigators
Chapter 5. File Identification and Profiling: Initial Analysis of a Suspect File on a Linux System; Solutions in this Chapter:; Introduction; Overview of the File Profiling Process; Working With Linux Executables; File Similarity Indexing; File Visualization; Symbolic and Debug Information; Embedded File Metadata; File Obfuscation: Packing and Encryption Identification; Embedded Artifact Extraction Revisited; Executable and Linkable Format (ELF); Profiling Suspect Document Files; Profiling Adobe Portable Document Format (PDF) Files; Profiling Microsoft (MS) Office Files; Conclusion
Pitfalls to Avoid
Summary: The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a "toolkit" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator with clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a lab.
Description based upon print version of record.