Malware Forensics Field Guide for Windows Systems
by Zeljka Zorz - 8 October 2012.
Authors: Cameron H. Malin, Eoghan Casey, and James M. Aquilina
Pages: 560
Publisher: Syngress
ISBN: 1597494720



Introduction

If you are looking for a field guide that will help you identify malware on a Windows computer system, examine it, and determine its impact, then this book might be just the right thing for you.

About the authors

Cameron H. Malin is a Supervisory Special Agent with the FBI assigned to a Cyber Crime squad in Los Angeles, California. He is also the Chapter Lead for the Southern California Chapter of the Honeynet Project, a Certified Ethical Hacker and Certified Defense Architect.

Eoghan Casey is a founding partner of cmdLabs and author of two books on digital forensics. He works at the Department of Defense Cyber Crime Center (DC3) on research and tool development. He is also the Editor-in-Chief of Digital Investigation: The International Journal of Digital Forensics and Incident Response.

James M. Aquilina is an Executive Managing Director and Deputy General Counsel with Stroz Friedberg, where he supervises numerous digital forensic, Internet investigative, and electronic discovery assignments for government agencies, major law firms, and others in criminal, civil, regulatory, and internal corporate matters.

Inside the book

This book is written with the following premise in mind: when malware is discovered on a system, time pressure to investigate should be secondary to organized methodology, sound analysis, steady documentation and attention to evidence dynamics.

Don't skip the introduction - it will give you valuable insight into why the book is structured as it is and how to use it.

The book is divided into five big chapters that cover subjects such as the collection of volatile data and examination on a live Windows system; the analysis of physical and process memory dumps in search of malware artifacts; malware extraction from Windows systems; the legal considerations of all those actions; file identification and profiling; and the analysis of a malware specimen.

The chapters should be read sequentially if you're new to malware forensics, but their internal structure is also perfectly suited for helping forensic experts jog their memory while in the process of doing their jobs. The last two chapters - on file identification, profiling and malware analysis - are especially large and comprehensive.

Each chapter is peppered throughout with examples of field interview questions to be used while responding to an incident, field note examples, analysis tips, tips on common mistakes to avoid, information about tools that can be used in the investigation, and a list of supplemental texts on each subject.

Final thoughts

This book is an exhaustive field guide that can help forensic specialists become experts at their job. Well written and structured, it is easy to read and to flip through when needed.
