Rating: 4 out of 5 stars
4/5
Ebook1,085 pages9 hours
Malware Forensics: Investigating and Analyzing Malicious Code
Rating: 4.5 out of 5 stars
4.5/5
()
About this ebook
Malware Forensics: Investigating and Analyzing Malicious Code covers the complete process of responding to a malicious code incident. Written by authors who have investigated and prosecuted federal malware cases, this book deals with the emerging and evolving field of live forensics, where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss live forensics on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system. It is the first book detailing how to perform live forensic techniques on malicious code.
The book gives deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more. It explores over 150 different tools for malware incident response and analysis, including forensic tools for preserving and analyzing computer memory. Readers from all educational and technical backgrounds will benefit from the clear and concise explanations of the applicable legal case law and statutes covered in every chapter. In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter.
This book is intended for system administrators, information security professionals, network personnel, forensic examiners, attorneys, and law enforcement working with the inner-workings of computer memory and malicious code.
- Winner of Best Book Bejtlich read in 2008!
- http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html
- Authors have investigated and prosecuted federal malware cases, which allows them to provide unparalleled insight to the reader
- First book to detail how to perform "live forensic" techniques on malicous code
- In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter
Author
Eoghan Casey
Eoghan Casey is an internationally recognized expert in data breach investigations and information security forensics. He is founding partner of CASEITE.com, and co-manages the Risk Prevention and Response business unit at DFLabs. Over the past decade, he has consulted with many attorneys, agencies, and police departments in the United States, South America, and Europe on a wide range of digital investigations, including fraud, violent crimes, identity theft, and on-line criminal activity. Eoghan has helped organizations investigate and manage security breaches, including network intrusions with international scope. He has delivered expert testimony in civil and criminal cases, and has submitted expert reports and prepared trial exhibits for computer forensic and cyber-crime cases. In addition to his casework and writing the foundational book Digital Evidence and Computer Crime, Eoghan has worked as R&D Team Lead in the Defense Cyber Crime Institute (DCCI) at the Department of Defense Cyber Crime Center (DC3) helping enhance their operational capabilities and develop new techniques and tools. He also teaches graduate students at Johns Hopkins University Information Security Institute and created the Mobile Device Forensics course taught worldwide through the SANS Institute. He has delivered keynotes and taught workshops around the globe on various topics related to data breach investigation, digital forensics and cyber security. Eoghan has performed thousands of forensic acquisitions and examinations, including Windows and UNIX systems, Enterprise servers, smart phones, cell phones, network logs, backup tapes, and database systems. He also has information security experience, as an Information Security Officer at Yale University and in subsequent consulting work. He has performed vulnerability assessments, deployed and maintained intrusion detection systems, firewalls and public key infrastructures, and developed policies, procedures, and educational programs for a variety of organizations. Eoghan has authored advanced technical books in his areas of expertise that are used by practitioners and universities around the world, and he is Editor-in-Chief of Elsevier's International Journal of Digital Investigation.
Read more from Eoghan Casey
Handbook of Digital Forensics and Investigation Digital Evidence and Computer Crime: Forensic Science, Computers, and the Internet Rating: 4 out of 5 stars4/5Investigating Child Exploitation and Pornography: The Internet, Law and Forensic Science Rating: 5 out of 5 stars5/5Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides Rating: 4 out of 5 stars4/5Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides Rating: 4 out of 5 stars4/5
Related to Malware Forensics
Related ebooks
Digital Forensics with Open Source Tools Rating: 3 out of 5 stars3/5Malware Forensics Field Guide for Linux Systems: Digital Forensics Field Guides Rating: 4 out of 5 stars4/5Dissecting the Hack: The F0rb1dd3n Network, Revised Edition: The F0rb1dd3n Network Rating: 4 out of 5 stars4/5Blackhatonomics: An Inside Look at the Economics of Cybercrime Rating: 3 out of 5 stars3/5Placing the Suspect Behind the Keyboard: Using Digital Forensics and Investigative Techniques to Identify Cybercrime Suspects Rating: 0 out of 5 stars0 ratingsDigital Forensics: Threatscape and Best Practices Rating: 0 out of 5 stars0 ratingsSnort Intrusion Detection 2.0 Rating: 4 out of 5 stars4/5The Basics of Hacking and Penetration Testing: Ethical Hacking and Penetration Testing Made Easy Rating: 0 out of 5 stars0 ratingsImplementing Digital Forensic Readiness: From Reactive to Proactive Process Rating: 0 out of 5 stars0 ratingsData Hiding: Exposing Concealed Data in Multimedia, Operating Systems, Mobile Devices and Network Protocols Rating: 5 out of 5 stars5/5No Tech Hacking: A Guide to Social Engineering, Dumpster Diving, and Shoulder Surfing Rating: 4 out of 5 stars4/5Nmap in the Enterprise: Your Guide to Network Scanning Rating: 0 out of 5 stars0 ratingsThe Basics of Cyber Safety: Computer and Mobile Device Safety Made Easy Rating: 5 out of 5 stars5/5Low Tech Hacking: Street Smarts for Security Professionals Rating: 4 out of 5 stars4/5Reverse Engineering Code with IDA Pro Rating: 5 out of 5 stars5/5Building a Digital Forensic Laboratory: Establishing and Managing a Successful Facility Rating: 3 out of 5 stars3/5Hack Proofing Your Network Rating: 0 out of 5 stars0 ratingsSeven Deadliest Network Attacks Rating: 3 out of 5 stars3/5Cyber Reconnaissance, Surveillance and Defense Rating: 4 out of 5 stars4/5Executing Windows Command Line Investigations: While Ensuring Evidentiary Integrity Rating: 0 out of 5 stars0 ratingsThe Cybersecurity Playbook: How Every Leader and Employee Can Contribute to a Culture of Security Rating: 0 out of 5 stars0 ratingsThe Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Buffer Overflow Attacks: Detect, Exploit, Prevent Rating: 4 out of 5 stars4/5Advanced Penetration Testing for Highly-Secured Environments: The Ultimate Security Guide Rating: 5 out of 5 stars5/5Hack the Stack: Using Snort and Ethereal to Master The 8 Layers of An Insecure Network Rating: 0 out of 5 stars0 ratingsInfoSec Career Hacking: Sell Your Skillz, Not Your Soul Rating: 3 out of 5 stars3/5Mastering Malware Analysis: The complete malware analyst's guide to combating malicious software, APT, cybercrime, and IoT attacks Rating: 0 out of 5 stars0 ratingsKali Linux 2 – Assuring Security by Penetration Testing - Third Edition Rating: 0 out of 5 stars0 ratingsKali Linux CTF Blueprints Rating: 0 out of 5 stars0 ratings
Security For You
How to Be Invisible: Protect Your Home, Your Children, Your Assets, and Your Life Rating: 4 out of 5 stars4/5How to Become Anonymous, Secure and Free Online Rating: 5 out of 5 stars5/5Cybersecurity For Dummies Rating: 4 out of 5 stars4/5Make Your Smartphone 007 Smart Rating: 4 out of 5 stars4/5How to Hack Like a Pornstar Rating: 5 out of 5 stars5/5The Hacker Crackdown: Law and Disorder on the Electronic Frontier Rating: 4 out of 5 stars4/5Cybersecurity: The Beginner's Guide: A comprehensive guide to getting started in cybersecurity Rating: 5 out of 5 stars5/5Hacking: Ultimate Beginner's Guide for Computer Hacking in 2018 and Beyond: Hacking in 2018, #1 Rating: 4 out of 5 stars4/5Social Engineering: The Science of Human Hacking Rating: 3 out of 5 stars3/5CompTIA Security+ Study Guide: Exam SY0-601 Rating: 5 out of 5 stars5/5Dark Territory: The Secret History of Cyber War Rating: 4 out of 5 stars4/5CompTIA Network+ Review Guide: Exam N10-008 Rating: 0 out of 5 stars0 ratingsThrough the Firewall: The Alchemy of Turning Crisis into Opportunity Rating: 0 out of 5 stars0 ratingsRemote/WebCam Notarization : Basic Understanding Rating: 3 out of 5 stars3/5The Cyber Attack Survival Manual: Tools for Surviving Everything from Identity Theft to the Digital Apocalypse Rating: 0 out of 5 stars0 ratingsCodes and Ciphers - A History of Cryptography Rating: 4 out of 5 stars4/5Hacking : The Ultimate Comprehensive Step-By-Step Guide to the Basics of Ethical Hacking Rating: 5 out of 5 stars5/5CompTIA Network+ Certification Guide (Exam N10-008): Unleash your full potential as a Network Administrator (English Edition) Rating: 0 out of 5 stars0 ratingsCompTIA Network+ Practice Tests: Exam N10-008 Rating: 0 out of 5 stars0 ratingsMike Meyers CompTIA Security+ Certification Passport, Sixth Edition (Exam SY0-601) Rating: 5 out of 5 stars5/5Wireless Hacking 101 Rating: 4 out of 5 stars4/5Network+ Study Guide & Practice Exams Rating: 4 out of 5 stars4/5Hacking For Dummies Rating: 4 out of 5 stars4/5CompTIA CySA+ Practice Tests: Exam CS0-002 Rating: 0 out of 5 stars0 ratingsUltimate Guide for Being Anonymous: Hacking the Planet, #4 Rating: 5 out of 5 stars5/5The Art of Intrusion: The Real Stories Behind the Exploits of Hackers, Intruders and Deceivers Rating: 4 out of 5 stars4/5Practical Lock Picking: A Physical Penetration Tester's Training Guide Rating: 5 out of 5 stars5/5What is the Dark Web?: The truth about the hidden part of the internet Rating: 4 out of 5 stars4/5
Related podcast episodes
Mobile Forensics 0% found this document usefulBonus: Afternoon Cyber Tea: IoT-Based Infrastructures 0% found this document usefulcybersecurity maturity model certification (CMMC) (noun) [Word Notes] 0% found this document usefulIs enhanced hardware security the answer to ransomware? [CyberWire-X] 100% found this document usefulCybersecurity and Hacking with Kevin Mitnick 0% found this document usefulRERUN: Hacking for Dollars 0% found this document usefulEp 25: Alberto: Illegal hacker or security professional? 100% found this document usefulHacking | What’s in the Blue Box? | 1 0% found this document usefulBlack Hat Go: Tom Steele talks Go for hackers and pentesters 0% found this document usefulCyberWire Pro Interview Selects: Jaclyn Miller from NTT, Ltd. 0% found this document useful69: Human Hacker: Human Hacker 0% found this document usefulGoing Linux #332 · Listener Feedback: Going Linux #332 · Listener Feedback 0% found this document usefulBig breaches (and how to avoid them): with Neil Daswani 0% found this document usefulMITRE ATT&CK (noun) [Word Notes] 0% found this document useful
Related articles
“Someone Who Under Takes A Ransomware Attack Isn’t A Hacker, They’re An Attacker” PC Pro MagazineArticle
“Someone Who Under Takes A Ransomware Attack Isn’t A Hacker, They’re An Attacker”
Aug 12, 2021
If you’ve ever attended an infosec or cybersecurity event, you will no doubt have noticed the preponderance of “Hacking is NOT a Crime” stickers. In 2018, some 500 such stickers were handed out at the DEF CON 26 event, the following year 5,000 were d
7 min read“Vulnerability Hunters Tend To Be Cut From A Different Cloth. They Are Naturally In Quisitive” PC Pro MagazineArticle
“Vulnerability Hunters Tend To Be Cut From A Different Cloth. They Are Naturally In Quisitive”
Jan 6, 2022
7 min readPeople Are Secretly Buying Handguns On The Dark Web FuturityArticle
People Are Secretly Buying Handguns On The Dark Web
Apr 24, 2019
2 min readHacker’s Manual Linux FormatArticle
Hacker’s Manual
Nov 17, 2020
1 min readHacker’s Manual Maximum PCArticle
Hacker’s Manual
Mar 2, 2021
1 min readHack The Planet/Parrot Linux FormatArticle
Hack The Planet/Parrot
May 31, 2022
2 min readHow to Protect Your Small Business Against a Cyber Attack EntrepreneurArticle
How to Protect Your Small Business Against a Cyber Attack
Feb 1, 2013
8 min readTsurugi Linux 2019.1 Linux FormatArticle
Tsurugi Linux 2019.1
Sep 24, 2019
2 min readEverything You May Have Wanted to Know About Ethical/Whitehat Hackers TechfastlyArticle
Everything You May Have Wanted to Know About Ethical/Whitehat Hackers
Oct 21, 2020
5 min readNetwork Attacks TechLifeArticle
Network Attacks
Sep 21, 2020
Though less common than malware and social engineering, network-based attacks are still a threat to every computer and mobile user, and everyone should have at least a basic understanding of what they are and how to avoid them. So this month let’s lo
4 min readUse Home Assistant NodeRED devices Linux FormatArticle
Use Home Assistant NodeRED devices
May 31, 2022
NodeRED is an open source graphical programming environment that can be used to complete a large number of tasks. Graphical programming languages tend to be more intuitive than textual programming languages and can be easier to learn. Support is buil
5 min readLook Internally For New Cyber Security Employees NZBusiness and ManagementArticle
Look Internally For New Cyber Security Employees
May 27, 2019
2 min readKRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know MacWorldArticle
KRACK Wi-Fi Attack Threatens All Networks: How To Stay Safe And What You Need To Know
Nov 29, 2017
5 min readArtificial Intelligence: The Next Step for Cybersecurity Cannabis & Tech TodayArticle
Artificial Intelligence: The Next Step for Cybersecurity
Apr 1, 2019
3 min readHack The System Linux FormatArticle
Hack The System
Dec 17, 2019
If you followed our handy guide on the previous pages, then you’ll already have augmented your Kali Light installation with Nmap, a port-scanning utility par excellence and a vital part of any pen-tester’s arsenal. As mentioned on the DVD page (there
4 min readReview of Cybersecurity Certification TechfastlyArticle
Review of Cybersecurity Certification
Feb 4, 2021
4 min readThe Low-Tech Hack You're Not Prepared For EntrepreneurArticle
The Low-Tech Hack You're Not Prepared For
Sep 1, 2016
1 min readBuilding a Cybersecurity Fence Residential Tech TodayArticle
Building a Cybersecurity Fence
Jan 30, 2019
4 min readHacker Distributions Linux FormatArticle
Hacker Distributions
Nov 17, 2020
1 min readSocial Engineering Maximum PCArticle
Social Engineering
Oct 15, 2019
5 min readWeb App Security Linux FormatArticle
Web App Security
Jun 29, 2021
8 min readTurn Your Raspberry Pi Into A Cloud Server Linux FormatArticle
Turn Your Raspberry Pi Into A Cloud Server
Aug 24, 2021
6 min readIntroducing Kali Maximum PCArticle
Introducing Kali
Mar 2, 2021
4 min readEnough Is Enough MASK The MagazineArticle
Enough Is Enough
Nov 15, 2017
2 min readWhat If? RECOIL OFFGRIDArticle
What If?
Aug 10, 2021
16 min readDigital DNA in Junior High MASK The MagazineArticle
Digital DNA in Junior High
Nov 15, 2019
2 min readDigital DNA in High School MASK The MagazineArticle
Digital DNA in High School
Nov 15, 2019
2 min read18 For Defending The Vulnerable Online Fast CompanyArticle
18 For Defending The Vulnerable Online
May 29, 2019
1 min readWayfair Should Have Seen This Coming The AtlanticArticle
Wayfair Should Have Seen This Coming
Jun 26, 2019
4 min readPhishing Is the Internet’s Most Successful Con The AtlanticArticle
Phishing Is the Internet’s Most Successful Con
Sep 12, 2018
8 min read
Reviews for Malware Forensics
Rating: 4.5 out of 5 stars
4.5/5
2 ratings0 reviews
Book preview
Malware Forensics - Eoghan Casey
http://www.virusbtn.com/resources/glossary/blended_threat.xml.
Chapter 1
Malware Incident Response: Volatile Data Collection and Examination on a Live Windows System
Solutions in this chapter:
Building Your Live Response Toolkit
Volatile Data Collection Methodology
Current and Recent Network Connections
Collecting Process Information
Correlate Open Ports with Running Processes and Programs
Identifying Services and Drivers
Determining Scheduled Tasks
Collecting Clipboard Contents
Non-Volatile Data Collection from a Live Windows System
Forensic Duplication of Storage Media on a Live Windows System
Forensic Preservation of Select Data on a Live Windows System
Incident Response Tool Suites for Windows
Introduction
This chapter demonstrates the value of preserving volatile data, and provides practical guidance on preserving such data in a forensically sound manner. The value of volatile data is not limited to process memory associated with malware, but can include passwords, Internet Protocol (IP) addresses, Security Event Log entries, and other contextual details that can provide a more complete understanding of the malware and its use on a system.
In a powered-up state, a subject system contains critical ephemeral information that reveals the state of the system. This volatile data is sometimes referred to as stateful information. Incident response forensics, or live response, is the process of acquiring the stateful information from the subject system while it remains powered on. As we discussed in the introductory chapter, the Order of Volatility should be considered when collecting data from a live system to ensure that critical system data is acquired before it is lost or the system is powered down. Further, because the scope of this chapter pertains to live response through the lens of a malicious code incident, the preservation techniques outlined in this section are not intended to be comprehensive or exhaustive, but rather to provide a solid foundation relating to malware on a live
Enjoying the preview?
Page 1 of 1