Malware Forensics Field Guide for Linux Systems : Digital Forensics Field Guide /

Malin, Cameron H.

Malware Forensics Field Guide for Linux Systems : Digital Forensics Field Guide / Cameron H. Malin, Eoghan Casey, and James M. Aquilina. - Amsterdam: Elsevier, c2014. - xxxix, 574 p. : ill. ; 23 cm.

Contents

1. Malware incident response
Nonvolatile data collection from a live Linux system
Conclusion

2. Linux memory forensics
Introduction
Interpreting various data structures in Linux memory
Dumping Linux process memory
Dissecting Linux process memory
Conclusion

3. Postmortem forensics
Introduction
Examining the Linux file system
Examining application traces
Keyword searching
Forensic reconstruction of compromised Linux systems
etc.

4. Legal considerations
Framing the issues
General considerations
Source of investigative authority
Statutory limits on authority
Tools for acquiring data
etc.

5. File identification and profiling
Introduction
File similarity indexing
Symbolic and debug information
Embedded file metadata
File obfuscation: packing and encryption identification
etc.

6. Analysis of a malware specimen
Introduction
Pre-execution preparation: system and network monitoring
Execution artifact capture: digital impression and trace evidence
Executing the malicious code specimen
Automated malware analysis frameworks
Interacting with and manipulating the malware specimen
etc.


Includes index (p. 565-574).

ISBN 9781597494700


Subjects: Malware forensics; Linux systems

005.8 / MAL