Online Resource
Burlington, MA: Syngress Publishing
UID: almahu_9948026278302882
    Format: 1 online resource (713 p.)
    Edition: 1st edition
    ISBN: 1-281-76295-4 , 9786611762957 , 0-08-056019-9
Content: Malware Forensics: Investigating and Analyzing Malicious Code covers the emerging and evolving field of "live forensics," where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss "live forensics" on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised
Note: Includes index. Table of contents: Front Cover; Malware Forensics: Investigating and Analyzing Malicious Code; Copyright Page; Dedication Page; Acknowledgements; Authors; Technical Editor; Contents; Introduction; Investigative And Forensic Methodologies; Forensic Analysis; Malware Analysis; From Malware Analysis To Malware Forensics; Chapter 1: Malware Incident Response: Volatile Data Collection and Examination on a Live Windows System; Introduction; Building Your Live Response Toolkit; Testing and Validating your Tools; System/Host Integrity Monitoring; Volatile Data Collection Methodology; Preservation of Volatile Data; Full Memory Capture; Full Memory Acquisition on a Live Windows System; Collecting Subject System Details; System Date and Time; System Identifiers; Network Configuration; Enabled Protocols; System Uptime; System Environment; Identifying Users Logged into the System; Psloggedon; Quser (Query User Utility); Netusers; LogonSessions; Inspect Network Connections and Activity; Current and Recent Network Connections; Netstat; DNS Queries from the Host System; NetBIOS Connections; ARP Cache; Collecting Process Information; Process Name and Process Identification (PID); Temporal Context; Memory Usage; Process to Executable Program Mapping: Full System Path to Executable File; Process to User Mapping; Child Processes; Command-line Parameters; File Handles; Dependencies Loaded by Running Processes; Exported DLLs; Capturing the Memory Contents of a Process on a Live Windows System; Correlate Open Ports with Running Processes and Programs; Openports; CurrPorts; Identifying Services and Drivers; Determining Open Files; Identifying Files Opened Locally; Identifying Files Opened Remotely; Collecting the Command History; Identifying Shares; Determining Scheduled Tasks; Collecting Clipboard Contents; Non-Volatile Data Collection from a Live Windows System; Forensic Duplication of Storage Media on a Live Windows System; Forensic Preservation of Select Data on a Live Windows System; Assess Security Configuration; Assess Trusted Host Relationships; Inspect Prefetch Files; Inspect Auto-starting Locations; Collect Event Logs; Review User Account and Group Policy Information; Examine the File System; Dumping and Parsing Registry Contents; Examine Web Browsing Activities; Incident Response Tool Suites for Windows; Windows Forensic Toolchest; ProDiscoverIR; OnlineDFS/LiveWire; Regimented Potential Incident Examination Report (RPIER); Nigilant32; Malware Discovery and Extraction From a Live Windows System; Nigilant32; Extracting Suspicious Files; Conclusions; Notes; Chapter 2: Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System; Introduction; Volatile Data Collection Methodology; Incident Response Tool Suites for Linux; Full Memory Dump on a Live UNIX System; Preserving Process Memory on a Live UNIX System; Collecting Subject System Details; Identifying Users Logged into the System; Determining Network Connections and Activity; Collecting Process Information
    Additional Edition: ISBN 1-59749-268-X
    Language: English