Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code
 
 
Michael Ligh (Author), Steven Adair (Author), Blake Hartstein (Author), Matthew Richard (Author)
4.7 out of 5 stars (13 customer reviews)

List Price: $59.99
Price: $35.25 & this item ships for FREE with Super Saver Shipping. Details
You Save: $24.74 (41%)
Formats

  • Kindle Edition: $33.49
  • Paperback: $35.25

Book Description

Published November 2, 2010. ISBN-10: 0470613033. ISBN-13: 978-0470613030. Edition: 1.
A computer forensics "how-to" for fighting malicious code and analyzing incidents

With our ever-increasing reliance on computers comes an ever-growing risk of malware. Security professionals will find plenty of solutions in this book to the problems posed by viruses, Trojan horses, worms, spyware, rootkits, adware, and other invasive software. Written by well-known malware experts, this guide reveals solutions to numerous problems and includes a DVD of custom programs and tools that illustrate the concepts, enhancing your skills.

  • Security professionals face a constant battle against malicious software; this practical manual will improve your analytical capabilities and provide dozens of valuable and innovative solutions
  • Covers classifying malware, packing and unpacking, dynamic malware analysis, decoding and decrypting, rootkit detection, memory forensics, open source malware research, and much more
  • Includes generous amounts of source code in C, Python, and Perl to extend your favorite tools or build new ones, and custom programs on the DVD to demonstrate the solutions

Malware Analyst's Cookbook is indispensable to IT security administrators, incident responders, forensic analysts, and malware researchers.


Editorial Reviews

From the Back Cover

Powerful, step-by-step solutions to dozens of common threats

We called this a cookbook because each "recipe" presents both the ingredients and the steps you take to resolve a specific problem or research a given threat. On the DVD, you'll find supporting files and original programs that provide additional resources. You'll learn how to analyze malware using tools written by the authors as well as hundreds of other publicly available tools. If your job involves incident response, computer forensics, systems security, or antivirus research, this book will become invaluable to you.

  • Learn to conduct online investigations without revealing your identity

  • Use honeypots to collect malware being distributed by bots and worms

  • Analyze JavaScript, PDFs, and Office documents for suspicious content

  • Build a low-budget malware lab with virtualization or bare bones hardware

  • Reverse engineer common encoding and encryption algorithms

  • Set up an advanced memory forensics platform for malware analysis

  • Investigate prevalent threats such as Zeus, Silent Banker, CoreFlood, Conficker, Virut, Clampi, Bankpatch, BlackEnergy, and many more!

On the DVD

Use the files on the DVD to follow along with the recipes or to conduct your own investigations and analyses. You will find:

  • Evidence files

  • Annotated videos

  • Source code

  • Windows and Linux tools

  • Over 50 original programs in Python, C/C++, and Perl

"The most useful technical security book I've read this year. A must-have for all who protect systems from malicious software."
Lenny Zeltser, Security Practice Director at Savvis and Senior Faculty Member at SANS Institute

"The ultimate guide for anyone interested in malware analysis."
Ryan Olson, Director, VeriSign iDefense Rapid Response Team

"Every page is filled with practical malware knowledge, innovative ideas, and useful tools. Worth its weight in gold!"
AAron Walters, Lead Developer of Volatility and VP of Security R&D at Terremark

About the Author

Michael Hale Ligh is a malicious code analyst at Verisign iDefense and Chief of Special Projects at MNIN Security.

Steven Adair is a member of the Shadowserver Foundation and frequently analyzes malware and tracks botnets. He also investigates cyber attacks of all kinds with an emphasis on those linked to cyber espionage.

Blake Hartstein is the author of multiple security tools and a Rapid Response Engineer at Verisign iDefense, where he responds to malware incidents.

Matthew Richard has authored numerous security tools and also ran a managed security service for banks and credit unions.


Product Details

  • Paperback: 744 pages
  • Publisher: Wiley; 1 edition (November 2, 2010)
  • Language: English
  • ISBN-10: 0470613033
  • ISBN-13: 978-0470613030
  • Product Dimensions: 9.2 x 7.4 x 1.6 inches
  • Shipping Weight: 2.5 pounds
  • Average Customer Review: 4.7 out of 5 stars (13 customer reviews)
  • Amazon Best Sellers Rank: #12,136 in Books

Customer Reviews

Most Helpful Customer Reviews
70 of 71 people found the following review helpful
Format: Paperback | Amazon Verified Purchase
I have just received this book and have not yet worked my way through all the chapters, but I have reviewed the contents and tool DVD. I teach college classes on Network and Computer forensics from a survey level through a hard-core programming level. I have likely purchased or been sent most of the books in this area, and this book does stand out for the following reasons.

1. The material is up-to-date. Tools and malware resources change on an almost daily basis and you need to get books that reflect current resources and best practices. This book does a very good job covering the current tools and resources. It provides the web addresses for the various tools and resources discussed in each chapter. It also refers to current research, articles, and conference material in the areas covered in the chapters.

2. The topics covered are comprehensive. The book includes topics on anonymizing (the first chapter), classifying malware, shellcode, DLL code injection, debugging, how to safely run malware in a virtual environment, dumping memory and memory forensics, debugging kernel code, etc. The topics are collected into 18 chapters and are very complete.

3. The focus of this book is performing analysis of malware (which includes a wide variety of exploit types) and creating/using the tools to perform this analysis. Numerous examples are given showing how the analysis can be done, and some background information is presented as needed.

4. The book assumes the reader has brains. Too many "Computer Forensics" books are a waste of time for someone that already has a background in programming, networking, etc. They (the other Forensics books) often start their discussion of Network Forensics with a definition of what a network is ("A network sends packets between computers..."). Give me a break. This book assumes the reader already has a level of knowledge that is appropriate to anyone really working in this field. However, the authors do a good job explaining what needs to be explained in the course of presenting the topics. They don't talk down to the reader.

5. The book has a wealth of examples. Each chapter presents the topics by showing examples as well as showing how to get and install the necessary tools.

6. The book balances using pre-written tools with create-your-own tools. The latter include scripts in Python and programs in C/C++. The authors indicate where to get various relevant libraries which can be used to create or customize tools. This book is not just a collection of tools, but shows how to use the tools, analysis techniques, etc.

7. The book is very reasonably priced for the quality of content and the extra DVD. The price from Amazon is under $40 and the retail price is about $60. However, even at $60 this book is a bargain. Even if you just used the web addresses for the lists of tools presented in each chapter, the amount of time it would take to locate and document the huge number of forensics/hacking tools presented in this book is worth more than the book's price.

8. The book presents a huge amount of material. Almost every page is crammed with information and examples. Frankly, this book presents more information in one chapter than most other books do in their entirety, and this book has 18 chapters. The chapters are written so they are independent of each other and you can select the chapter you want to work through without reading previous chapters.

9. The tool focus is open-source and platform independent. The authors stay with open-source tools and try to reference tools that can run on both Linux and Windows. However, they also use the best tools available for a specific task, even if the tool only runs under Linux or only under Windows.

Reader Background:
There are enough varied topics in this book that readers with different levels of knowledge can benefit. The authors assume the reader has a background in basic networking, understands operating systems (both Windows and Unix), understands programming (Python, C/C++, Assembly), and understands processor basics (registers, the stack, etc.). However, these assumptions are not barriers to getting something out of this book. Beginners will find the book too difficult, but would profit by just downloading the various tools referenced in the chapters.

Bottom line:
* If you are doing forensic analysis on Malware you should purchase this book (for the chapters on debugging, memory forensics, and malware forensics)
* If you are working in the network/computer security area you should purchase this book (for the chapters on setting up a malware lab, classifying malware, and setting up a malware sandbox)
* If you are interested in the programming aspects of malware you should purchase this book (for the chapters on DLLs and debugging malware code and on code injection)
* If (and I hesitate to include this) you want to be a hacker you should purchase this book and read the entire thing.
25 of 26 people found the following review helpful
Format: Paperback | Amazon Verified Purchase
The Malware Analyst's Cookbook is the best book I have read when it comes to practical techniques for working with malware. This book gives many practical examples to help forensic examiners, incident responders, malware analysts or others deal with malware. This book touches so many great areas when it comes to malware analysis that it is hard to focus on highlighting them all.

One suggestion for those looking to purchase this book: it would help you to gain a mild understanding of Python, as many of the very great tools contained within the book rely on Python. It is by no means necessary to understand Python to use the tools, but it would be helpful to better understand what the tools are doing.

I found the 4 chapters on memory analysis to be completely awesome! I have not seen such a wealth of information on memory analysis in one place. The chapters on memory analysis go from the basic analysis of a memory dump to exploring code injection and rootkits to pulling registry and network artifacts from memory.

The book does a great job of introducing the reader to multiple ways of dealing with malware, from using tools for classification, scanning with AV engines and sandboxes, to working with DLLs and malware debugging. I really liked how, when a tool is introduced, the authors then usually have a script to automate much of the process. The DVD that comes with the book is worth the price of the book just by itself.

If you work with malware in any capacity I think this book will benefit you, as it has so much to offer in so many areas when it comes to fighting malicious code.
18 of 19 people found the following review helpful
Buy this book! Read this book! (November 14, 2010)
Format: Paperback
Malware is a highly prevalent threat and the techniques for studying it have tended to be obscure and rather difficult to ferret out. This book brings the techniques into the light and diligent study will add many useful tactics to your repertoire. The book is organized into "recipes" that are grouped into 18 chapters. Each recipe covers how to perform a particular "thing" clearly with illustrations, code/output samples and references for more detail. The tools DVD is organized into chapters matching the text and individual recipes refer you to the matching tool on the DVD.

It is a technical book, so be warned that its benefits will be reaped only by diligent study and working through the recipes.

Highly recommended for people engaged in or interested in malware analysis or even the more general topic of how malware operates. The script for automating analysis of suspect malware by multiple antivirus scanners from the command line (Chapter 4) is worth the price of the book alone.
Most Recent Customer Reviews
Do yourself a favor, buy it in print not e-book!!!
So far I've been trying to get access to download the companion DVD for the Kindle version. Wiley (the publisher) requires proof of purchase to access the DVD for e-book purchasers.
Published 4 months ago by BrianC
Excellent Book
Excellent book, full of information for anyone who wants to get into malware analysis! Very well written, easy to understand, very explanatory! I recommend it!
Published 6 months ago by Gustavo Ogawa
Best of Breed (Memory) Forensics Title
A year after release, the Malware Analyst's Cookbook continues to elicit uniformly high praise from the security community.
Published 6 months ago by Chad Tilbury
Great Malware Book
I would recommend this book to anyone who works in computer forensics, or even a desktop support person; don't forget to use the commands and examples on the CD, they are great...
Published 9 months ago by Ashraf Aziz
A must for malware analysts, incident responders, and CERT
I've read many security books about malware, from concepts to lab analysis, but never found one that can give this amount of technical detail like (Malware Analyst's...
Published 17 months ago by Aaed Salah Nemer
Critical for any malware analyst
This book is a must for anyone that is tasked with doing malware analysis either by analyzing files or network traffic.
Published 17 months ago by Curtis Shaffer
Goodness
This is easily the best book on malware analysis I've ever read. It's overflowing with useful code, clever techniques and other practical information.
Published 17 months ago by Shawn
There's a recipe for that!
This is an excellent book on the topic of malware analysis. The book is loaded with content at close to 700 pages. There's a recipe for everything!
Published 17 months ago by Dustin
Excellent Guide To Help Apply Your Knowledge
Still working my way through this book, but so far every chapter has been quite useful. This book is more of a practical guide to malware analysis than anything else.
Published 18 months ago by Russell D. Holloway
summary of tools
Basically this book is just a description of different tools and glue code for those tools. If you wanted to set up some incident response quickly to understand some malware and...
Published 18 months ago by S. Piper