Index
Front matter
  • Cover image
  • Title page
  • Table of Contents
  • Copyright
  • Dedication
  • Acknowledgments
  • Special Thanks to the Technical Editor
  • Biography
  • About the Authors
  • About the Technical Editor
Introduction
  • Introduction to Malware Forensics
  • Class Versus Individuating Characteristics
Chapter 1. Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System
Solutions in this chapter:
  • Introduction
  • Volatile Data Collection Methodology
  • Nonvolatile Data Collection from a Live Linux System
  • Conclusion
  • Pitfalls to Avoid
  • Incident Tool Suites
  • Remote Collection Tools
  • Volatile Data Collection and Analysis Tools
  • Collecting Subject System Details
  • Identifying Users Logged into the System
  • Network Connections and Activity
  • Process Analysis
  • Loaded Modules
  • Open Files
  • Command History
  • Selected Readings
Chapter 2. Linux Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts
Solutions in this chapter:
  • Introduction
  • Memory Forensics Overview
  • “Old School” Memory Analysis
  • How Linux Memory Forensics Tools Work
  • Linux Memory Forensics Tools
  • Interpreting Various Data Structures in Linux Memory
  • Dumping Linux Process Memory
  • Dissecting Linux Process Memory
  • Conclusions
  • Pitfalls to Avoid
  • Field Notes: Memory Forensics
  • Selected Readings
Chapter 3. Postmortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Linux Systems
Solutions in this chapter:
  • Introduction
  • Linux Forensic Analysis Overview
  • Malware Discovery and Extraction from a Linux System
  • Examine Linux File System
  • Examine Application Traces
  • Keyword Searching
  • Forensic Reconstruction of Compromised Linux Systems
  • Advanced Malware Discovery and Extraction from a Linux System
  • Conclusions
  • Pitfalls to Avoid
  • Field Notes: Linux System Examinations
  • Forensic Tool Suites
  • Timeline Generation
  • Selected Readings
Chapter 4. Legal Considerations
Solutions in this chapter:
  • Framing the Issues
  • General Considerations
  • Sources of Investigative Authority
  • Statutory Limits on Authority
  • Tools for Acquiring Data
  • Acquiring Data Across Borders
  • Involving Law Enforcement
  • Improving Chances for Admissibility
  • State Private Investigator and Breach Notification Statutes
  • International Resources
  • The Federal Rules: Evidence for Digital Investigators
Chapter 5. File Identification and Profiling: Initial Analysis of a Suspect File on a Linux System
Solutions in this chapter:
  • Introduction
  • Overview of the File Profiling Process
  • Working With Linux Executables
  • File Similarity Indexing
  • File Visualization
  • Symbolic and Debug Information
  • Embedded File Metadata
  • File Obfuscation: Packing and Encryption Identification
  • Embedded Artifact Extraction Revisited
  • Executable and Linkable Format (ELF)
  • Profiling Suspect Document Files
  • Profiling Adobe Portable Document Format (PDF) Files
  • Profiling Microsoft (MS) Office Files
  • Conclusion
  • Pitfalls to Avoid
      • Conducting an incomplete file profile
      • Relying upon file icons and extensions without further context or deeper examination
      • Solely relying upon anti-virus signatures or third-party analysis of a “similar” file specimen
      • Examining a suspect file in a forensically unsound laboratory environment
      • Basing conclusions upon a file profile without additional context or correlation
      • Navigating to malicious URLs and IP addresses
  • Selected Readings
  • Technical Specifications
Chapter 6. Analysis of a Malware Specimen
Solutions in this chapter:
  • Introduction
  • Goals
  • Guidelines for Examining a Malicious File Specimen
  • Establishing the Environment Baseline
  • Pre-Execution Preparation: System and Network Monitoring
  • Execution Artifact Capture: Digital Impression and Trace Evidence
  • Executing the Malicious Code Specimen
  • Execution Trajectory Analysis: Observing Network, Process, System Calls, and File System Activity
  • Automated Malware Analysis Frameworks
  • Embedded Artifact Extraction Revisited
  • Interacting with and Manipulating the Malware Specimen: Exploring and Verifying Functionality and Purpose
  • Event Reconstruction and Artifact Review: Post-Run Data Analysis
  • Digital Virology: Advanced Profiling Through Malware Taxonomy and Phylogeny
  • Conclusion
  • Pitfalls to Avoid
      • Incomplete Evidence Reconstruction
      • Incorrect Execution of a Malware Specimen
      • Solely Relying upon Automated Frameworks or Online Sandbox Analysis of a Malware Specimen
      • Submitting Sensitive Files to Online Analysis Sandboxes
      • Failure to Adjust the Laboratory Environment to Ensure Full Execution Trajectory
      • Failure to Examine Evidence Dynamics During and After the Execution of a Malware Specimen
      • Failure to Examine the Embedded Artifacts of a Target Malware Specimen After It Is Executed and Extracted from Obfuscation Code
  • Selected Readings
Index