My Account Log in

1 option

Malware forensics : investigating and analyzing malicious code / James M. Aquilina, Eoghan Casey, Cameron H. Malin.

O'Reilly Online Learning: Academic/Public Library Edition Available online

View online
Format:
Book
Author/Creator:
Aquilina, James M.
Contributor:
Malin, Cameron H.
Casey, Eoghan.
Language:
English
Subjects (All):
Computer security.
Computer viruses--Identification.
Computer viruses.
Computer crimes--Investigation.
Computer crimes.
Physical Description:
1 online resource (713 p.)
Edition:
1st edition
Other Title:
Investigating and analyzing malicious code
Place of Publication:
Burlington, MA : Syngress Publishing, 2008.
Language Note:
English
System Details:
text file
Summary:
Malware Forensics: Investigating and Analyzing Malicious Code covers the emerging and evolving field of ""live forensics,"" where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss ?live forensics? on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised
Contents:
Front Cover; Malware Forensics: Investigating and Analyzing Malicious Code; Copyright Page; Dedication Page; Acknowledgements; Authors; Technical Editor; Contents; Introduction; Investigative And Forensic Methodologies; Forensic Analysis; Malware Analysis; From Malware Analysis To Malware Forensics; Chapter 1: Malware Incident Response: Volatile Data Collection and Examination on a Live Windows System; Introduction; Building Your Live Response Toolkit; Testing and Validating your Tools; System/Host Integrity Monitoring; Volatile Data Collection Methodology; Preservation of Volatile Data
Full Memory CaptureFull Memory Acquisition on a Live Windows System; Collecting Subject System Details; System Date and Time; System Identifiers; Network Configuration; Enabled Protocols; System Uptime; System Environment; Identifying Users Logged into the System; Psloggedon; Quser (Query User Utility); Netusers; LogonSessions; Inspect Network Connections and Activity; Current and Recent Network Connections; Netstat; DNS Queries from the Host System; NetBIOS Connections; ARP Cache; Collecting Process Information; Process Name and Process Identification (PID); Temporal Context; Memory Usage
Process to Executable Program Mapping: Full System Path to Executable FileProcess to User Mapping; Child Processes; Command-line Parameters; File Handles; Dependencies Loaded by Running Processes; Exported DLLs; Capturing the Memory Contents of a Process on a Live Windows System; Correlate Open Ports with Running Processes and Programs; Openports; CurrPorts; Identifying Services and Drivers; Determining Open Files; Identifying Files Opened Locally; Identifying Files Opened Remotely; Collecting the Command History; Identifying Shares; Determining Scheduled Tasks; Collecting Clipboard Contents
Non-Volatile Data Collection from a Live Windows SystemForensic Duplication of Storage Media on a Live Windows System; Forensic Preservation of Select Data on a Live Windows System; Assess Security Configuration; Assess Trusted Host Relationships; Inspect Prefetch Files; Inspect Auto-starting Locations; Collect Event Logs; Review User Account and Group Policy Information; Examine the File System; Dumping and Parsing Registry Contents; Examine Web Browsing Activities; Incident Response Tool Suites for Windows; Windows Forensic Toolchest; ProDiscoverIR; OnlineDFS/LiveWire
Regimented Potential Incident Examination Report (RPIER)Nigilant32; Malware Discovery and Extraction From a Live Windows System; Nigilant32; Extracting Suspicious Files; Conclusions; Notes; Chapter 2: Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System; Introduction; Volatile Data Collection Methodology; Incident Response Tool Suites for Linux; Full Memory Dump on a Live UNIX System; Preserving Process Memory on a Live UNIX System; Collecting Subject System Details; Identifying Users Logged into the System; Determining Network Connections and Activity
Collecting Process Information
Notes:
Includes index.
Includes bibliographical references and index.
ISBN:
9786611762957
9781281762955
1281762954
9780080560199
0080560199
OCLC:
437245613

The Penn Libraries is committed to describing library materials using current, accurate, and responsible language. If you discover outdated or inaccurate language, please fill out this feedback form to report it and suggest alternative language.

Find

Home Release notes

My Account

Shelf Request an item Bookmarks Fines and fees Settings

Guides

Using the Find catalog Using Articles+ Using your account