Malware Forensics Field Guide for Windows Systems
by Zeljka Zorz - 8 October 2012.
Authors: Cameron H. Malin, Eoghan Casey, and James M. Aquilina
Pages: 560
Publisher: Syngress
ISBN: 1597494720


If you are looking for a field guide that will help you identify malware on a Windows computer system, examine it, and determine its impact, then this book might be just the right thing for you.

About the authors

Cameron H. Malin is a Supervisory Special Agent with the FBI assigned to a Cyber Crime squad in Los Angeles, California. He is also the Chapter Lead for the Southern California Chapter of the Honeynet Project, a Certified Ethical Hacker and Certified Defense Architect.

Eoghan Casey is a founding partner of cmdLabs and author of two books on digital forensics. He works at the Department of Defense Cyber Crime Center (DC3) on research and tool development. He is also the Editor-in-Chief of Digital Investigation: The International Journal of Digital Forensics and Incident Response.

James M. Aquilina is an Executive Managing Director and Deputy General Counsel with Stroz Friedberg, where he supervises numerous digital forensic, Internet investigative, and electronic discovery assignments for government agencies, major law firms, and others in criminal, civil, regulatory, and internal corporate matters.

Inside the book

This book is written with the following premise in mind: when malware is discovered on a system, time pressure to investigate should be secondary to organized methodology, sound analysis, steady documentation and attention to evidence dynamics.

Don't skip the introduction - it will give you valuable insight into why the book is structured as it is and how to use it.

The book is divided into six large chapters that cover, in turn, the collection and examination of volatile data on a live Windows system; the analysis of physical and process memory dumps in search of malware artifacts; the discovery and extraction of malware and associated artifacts from Windows systems in post-mortem forensics; the legal considerations of all those actions; file identification and profiling; and the analysis of a malware specimen.

The chapters should be read sequentially if you're new to malware forensics, but their internal structure is also perfectly suited to helping forensic experts jog their memory while in the process of doing their jobs. The last two chapters, on file identification and profiling and on malware analysis, are especially large and comprehensive.

Each chapter is peppered throughout with examples of field interview questions to be used while responding to an incident, field note examples, analysis tips, tips on common mistakes to avoid, information about tools that can be used in the investigation, and a list of supplemental texts on each subject.

Final thoughts

This book is an exhaustive field guide that can help forensic specialists become experts at their job. Well written and structured, it's easy to read and to flip through when needed.
