TY  - BOOK
AU  - Malin, Cameron H.
AU  - Casey, Eoghan
AU  - Aquilina, James M.
TI  - Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides
T2  - eBooks on Demand
SN  - 9781597494717
AV  - QA76.9.A25 .M384 2013
U1  - 005.8
PY  - 2013///
CY  - Burlington
PB  - Elsevier Science
KW  - Computer networks -- Examinations -- Study guides
KW  - Computer security
KW  - Linux -- Examinations -- Study guides
KW  - Operating systems (Computers) -- Examinations -- Study guides
KW  - Electronic books
N1  - Cover image; Title page; Table of Contents; Copyright; Dedication; Acknowledgments; Special Thanks to the Technical Editor; Biography; About the Authors; About the Technical Editor; Introduction; Introduction to Malware Forensics; Class Versus Individuating Characteristics; Chapter 1. Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System; Solutions in this chapter:; Introduction; Volatile Data Collection Methodology; Nonvolatile Data Collection from a Live Linux System; Conclusion; Pitfalls to Avoid; Incident Tool Suites; Remote Collection Tools; Volatile Data Collection and Analysis Tools; Collecting Subject System Details; Identifying Users Logged into the System; Network Connections and Activity; Process Analysis; Loaded Modules; Open Files; Command History; Selected Readings; Linux Memory Forensics Tools; Interpreting Various Data Structures in Linux Memory; Dumping Linux Process Memory; Dissecting Linux Process Memory; Conclusions; Pitfalls to Avoid; Field Notes: Memory Forensics; Selected Readings; Chapter 2. Linux Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts; Solutions in this Chapter; Introduction; Memory Forensics Overview; "Old School" Memory Analysis; How Linux Memory Forensics Tools Work; Chapter 3. Postmortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Linux Systems; Solutions in this Chapter; Introduction; Linux Forensic Analysis Overview; Malware Discovery and Extraction from a Linux System; Examine Linux File System; Examine Application Traces; Keyword Searching; Forensic Reconstruction of Compromised Linux Systems; Advanced Malware Discovery and Extraction from a Linux System; Conclusions; Pitfalls to Avoid; Field Notes: Linux System Examinations; Forensic Tool Suites; Timeline Generation; Selected Readings; Chapter 4. Legal Considerations; Solutions in this Chapter:; Framing the Issues; General Considerations; Sources of Investigative Authority; Statutory Limits on Authority; Tools for Acquiring Data; Acquiring Data Across Borders; Involving Law Enforcement; Improving Chances for Admissibility; State Private Investigator and Breach Notification Statutes; International Resources:; The Federal Rules: Evidence for Digital Investigators; Chapter 5. File Identification and Profiling: Initial Analysis of a Suspect File on a Linux System; Solutions in this Chapter:; Introduction; Overview of the File Profiling Process; Working With Linux Executables; File Similarity Indexing; File Visualization; Symbolic and Debug Information; Embedded File Metadata; File Obfuscation: Packing and Encryption Identification; Embedded Artifact Extraction Revisited; Executable and Linkable Format (ELF); Profiling Suspect Document Files; Profiling Adobe Portable Document Format (PDF) Files; Profiling Microsoft (MS) Office Files; Conclusion; Pitfalls to Avoid
N2  - The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a "toolkit" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a lab.
UR  - http://uttyler.eblib.com/patron/FullRecord.aspx?p=1115128
ER  -