Customer Reviews


13 Reviews
5 star: (12)
4 star: (0)
3 star: (0)
2 star: (0)
1 star: (1)

The most helpful favorable review
68 of 69 people found the following review helpful:
5.0 out of 5 stars Current Best of Breed for Technical Malware Books
I have just received this book and have not yet worked my way through all the chapters, but I have reviewed the contents and tool DVD. I teach college classes on Network and Computer forensics from a survey level through a hard-core programming level. I have likely purchased or been sent most of the books in this area, and this book does stand out for the following...
Published 16 months ago by D. Craig

The most helpful critical review
0 of 10 people found the following review helpful:
1.0 out of 5 stars Do yourself a favor, buy it in print not e-book!!!
So far I've been trying to get access to download the companion DVD for the Kindle version. Wiley (the publisher) requires proof of purchase to access the DVD for e-book purchasers. So far everything I've sent was not good enough; we're now down to screenshots from Amazon. You would think that you're requesting access to Fort Knox. Good luck, e-book was definitely not...
Published 1 month ago by BrianC



68 of 69 people found the following review helpful:
5.0 out of 5 stars Current Best of Breed for Technical Malware Books, October 30, 2010
Amazon Verified Purchase
This review is from: Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code (Paperback)
I have just received this book and have not yet worked my way through all the chapters, but I have reviewed the contents and tool DVD. I teach college classes on Network and Computer forensics from a survey level through a hard-core programming level. I have likely purchased or been sent most of the books in this area, and this book does stand out for the following reasons.

1. The material is up-to-date. Tools and malware resources change on an almost daily basis and you need to get books that reflect current resources and best practices. This book does a very good job covering the current tools and resources. It provides the web addresses for the various tools and resources discussed in each chapter. It also refers to current research, articles, and conference material in the areas covered in the chapters.

2. The topics covered are comprehensive. The book includes topics on anonymizing (the first chapter), classifying malware, shellcode, DLL code injection, debugging, how to safely run malware in a virtual environment, dumping memory and memory forensics, debugging kernel code, etc. The topics are collected into 18 chapters and are very complete.

3. The focus of this book is performing analysis of malware (which includes a wide variety of exploit types) and creating/using the tools to perform this analysis. Numerous examples are given showing how the analysis can be done, and some background information is presented as needed.

4. The book assumes the reader has brains. Too many "Computer Forensics" books are a waste of time for someone that already has a background in programming, networking, etc. They (the other Forensics books) often start their discussion of Network Forensics with a definition of what a network is ("A network sends packets between computers..."). Give me a break. This book assumes the reader already has a level of knowledge that is appropriate to anyone really working in this field. However, the authors do a good job explaining what needs to be explained in the course of presenting the topics. They don't talk down to the reader.

5. The book has a wealth of examples. Each chapter presents the topics by showing examples as well as showing how to get and install the necessary tools.

6. The book balances using pre-written tools with create-your-own tools. The latter include scripts in Python and programs in C/C++. The authors indicate where to get various relevant libraries which can be used to create or customize tools. This book is not just a collection of tools, but shows how to use the tools, analysis techniques, etc.

7. The book is very reasonably priced for the quality of content and the extra DVD. The price from Amazon is under $40 and the retail price is about $60. However, even at $60 this book is a bargain. Even if you just used the web addresses for the lists of tools presented in each chapter, the amount of time it would take to locate and document the huge number of forensics/hacking tools presented in this book is worth more than the book's price.

8. The book presents a huge amount of material. Almost every page is crammed with information and examples. Frankly, this book presents more information in one chapter than most other books do in their entirety, and this book has 18 chapters. The chapters are written so they are independent of each other and you can select the chapter you want to work through without reading previous chapters.

9. The tool focus is open-source and platform independent. The authors stay with open-source tools and try to reference tools that can run on both Linux and Windows. However, they also use the best tools available for a specific task, even if the tool only runs under Linux or only under Windows.

Reader Background:
There are enough varied topics in this book that readers with different levels of knowledge can benefit. The authors assume the reader has a background in basic networking, understands operating systems (both Windows and Unix), understands programming (Python, C/C++, Assembly), and understands processor basics (registers, the stack, etc.). However, these assumptions are not barriers to getting something out of this book. Beginners will find the book too difficult, but would profit by just downloading the various tools referenced in the chapters.

Bottom line:
* If you are doing forensic analysis on Malware you should purchase this book (for the chapters on debugging, memory forensics, and malware forensics)
* If you are working in the network/computer security area you should purchase this book (for the chapters on setting up a malware lab, classifying malware, and setting up a malware sandbox)
* If you are interested in the programming aspects of malware you should purchase this book (for the chapters on DLLs and debugging malware code and on code injection)
* If (and I hesitate to include this) you want to be a hacker you should purchase this book and read the entire thing.


25 of 26 people found the following review helpful:
5.0 out of 5 stars If you need some practical tips for working with malware this is your cookbook!, November 12, 2010
Amazon Verified Purchase
The Malware Analyst's Cookbook is the best book I have read when it comes to practical techniques for working with malware. This book gives many practical examples to help forensic examiners, incident responders, malware analysts or others deal with malware. This book touches so many great areas when it comes to malware analysis that it is hard to focus on highlighting them all.

One suggestion for those looking to purchase this book: it would help to gain a mild understanding of Python, as many of the very great tools contained within the book rely on Python. It is by no means necessary to understand Python to use the tools, but it would be helpful for better understanding what the tools are doing.

I found the 4 chapters on memory analysis to be completely awesome! I have not seen such a wealth of information on memory analysis in one place. The chapters on memory analysis go from the basic analysis of a memory dump to exploring code injection and rootkits to pulling registry and network artifacts from memory.

The book does a great job of introducing the reader to multiple ways of dealing with malware, from using tools for classification, scanning with AV engines and sandboxes, to working with DLLs and malware debugging. I really liked how, when a tool is introduced, the authors usually have a script to automate much of the process. The DVD that comes with the book is worth the price of the book by itself.

If you work with malware in any capacity I think this book will benefit you, as it has so much to offer in so many areas when it comes to fighting malicious code.


18 of 19 people found the following review helpful:
5.0 out of 5 stars Buy this book! Read this book!, November 14, 2010
Malware is a highly prevalent threat and the techniques for studying it have tended to be obscure and rather difficult to ferret out. This book brings the techniques into the light, and diligent study will add many useful tactics to your repertoire. The book is organized into "recipes" that are grouped into 18 chapters. Each recipe covers how to perform a particular "thing" clearly, with illustrations, code/output samples and references for more detail. The tools DVD is organized into chapters matching the text, and individual recipes refer you to the matching tool on the DVD.

It is a technical book, so be warned that its benefits will be reaped only by diligent study and working through the recipes.

Highly recommended for people engaged in or interested in malware analysis, or even the more general topic of how malware operates. The script for automating analysis of suspect malware by multiple antivirus scanners from the command line (Chapter 4) is worth the price of the book alone.


7 of 7 people found the following review helpful:
5.0 out of 5 stars Excellent Guide To Help Apply Your Knowledge, December 6, 2010
Amazon Verified Purchase
Still working my way through this book, but so far every chapter has been quite useful. This book is more of a practical guide to malware analysis than anything else. I have found that many of the previous books are in one of two cases: they either are not quite practical enough and simply teach the concepts without showing you how to use the programs (or often even mentioning the programs), or they are too difficult for those who want to learn more about the subject but haven't been doing it for years.

I understand that the concepts are key in the long run, and mentioning specific programs can lead to an outdated book faster, but considering this book just came out, the programs are indeed current and work great. The book goes through a good number of programs freely available on the web or included on the DVD, and it describes them and how to use and configure them as well, rather than simply presenting a list of programs.

The book is detailed and in-depth enough to provide good analysis of malware as well. It does assume some prior knowledge of programming, general security concepts, and different OS's, but it provides clear descriptions of malware analysis tools that are easy to follow.

Overall, it's a good book to pick up and work your way through, rather than read your way through. This is simply the way it's structured. As you read each chapter you feel the need to actually sit in front of a computer and FOLLOW the recipes to learn the material - something that can often be difficult to do with other textbooks. So far, my favorite book on the subject!


6 of 6 people found the following review helpful:
5.0 out of 5 stars Critical for any malware analyst, December 18, 2010
This book is a must for anyone that is tasked with doing malware analysis either by analyzing files or network traffic. The authors have made this process almost as easy as step by step. I love this book and continue to reference it over and over again. It is on my bookshelf for review and I require anyone on my team to read this as a prerequisite to doing malware analysis.

Their techniques have helped me by solving problems I was having directly with analysis tools, as well as indirectly with other methods I have put in place. This book is a very easy read and the open source tools are very beneficial.

Excellent work!


6 of 6 people found the following review helpful:
5.0 out of 5 stars Goodness, December 14, 2010
Amazon Verified Purchase
This is easily the best book on malware analysis I've ever read. It's overflowing with useful code, clever techniques and other practical information. It's readily apparent that the authors put a lot of thought into the content and organization; this isn't your typical hodgepodge of thrown together random tools and poor writing. If you're serious about malware analysis, add this to your library now.


6 of 6 people found the following review helpful:
5.0 out of 5 stars There's a recipe for that!, December 11, 2010
This is an excellent book on the topic of malware analysis. The book is loaded with content at close to 700 pages. There's a recipe for everything! Everything from how to set up a malware lab to how to perform memory forensics on a rootkit.

The book is suitable for all levels of anyone interested in security and malware analysis. The recipe style of the book makes it easy to quickly jump to a section you are interested in or need at that moment or it can be used to skip sections you're not interested in without losing anything.

The provided DVD is actually useful. It provides a number of custom-written Python scripts that the authors took considerable time to write. You can easily add these to your malware analysis toolkit for easier malware analysis and increased productivity.


4 of 4 people found the following review helpful:
5.0 out of 5 stars A must for malware analysts, incident responders, and CERT, January 1, 2011
Amazon Verified Purchase
I've read many security books about malware, from concepts to lab analysis, but never found one that gives this amount of technical detail like the Malware Analyst's Cookbook.

I do a lot of security activities that require me to have a solid background in the latest malware and to update my skills in incident response and analysis techniques.


5 of 6 people found the following review helpful:
5.0 out of 5 stars summary of tools, November 28, 2010
Amazon Verified Purchase
Basically this book is just a description of different tools and glue code for those tools. If you wanted to set up some incident response quickly to understand some malware and how to respond to it, this book should help. It uses Python code for everything.


1 of 1 people found the following review helpful:
5.0 out of 5 stars Best of Breed (Memory) Forensics Title, November 25, 2011
Amazon Verified Purchase
A year after release, the Malware Analyst's Cookbook continues to elicit uniformly high praise from the security community. It is one of those rare books that only come around once every few years. The breadth of information covered is staggering, and it makes an excellent reference to return to as your skills develop. If I could make one recommendation, I would encourage readers to not wait to read the last four chapters of the book.

The last quarter of the book covers memory forensic analysis, and it is the definitive resource currently available on the subject (either online or in print). If the entire book consisted of just this section, it would be worth the price. Instruction starts with memory acquisition, and nicely covers memory dumps from alternative sources like virtual machines (Fusion, Parallels VMware, and VirtualBox). The Volatility memory analysis framework is used exclusively, owing to one of the authors being a primary contributor to the project. That being said, the concepts behind the tools are described in detail, making it easy to port the information to any of the memory analysis suites currently available. Throughout the text, techniques learned in earlier sections are re-applied to this newest form of forensics. As an example, YARA malware identification rules are well covered in previous chapters and reappear as a viable method for scanning memory. Links to prior techniques are well documented and indexed, allowing the book to be read in any order. An extensive collection of memory dumps is included with the book DVD, letting readers immediately get their hands dirty with the exercises without needing to create their own samples. This is a wonderful addition to the book and unfortunately quite rare in books of this genre.

Although I am not a big fan of the cookbook/recipe structure, the content is so good it could be scrawled on napkins and still be engaging. With the current state of information security, the Malware Analyst's Cookbook is a must-have book for every information security practitioner.