Malware Forensics: Investigating and Analyzing Malicious Code (Kindle Edition)

by Cameron H. Malin (Author), Eoghan Casey (Author), James M. Aquilina (Author)
4.9 out of 5 stars (11 customer reviews)

Digital List Price: $69.95
Print List Price: $69.95
Kindle Price: $36.00 & includes wireless delivery via Amazon Whispernet
You Save: $33.95 (49%)

Text-to-Speech: Enabled

Formats

Amazon Price New from Used from
Kindle Edition $36.00  
Paperback $40.00  

Editorial Reviews

Book Description

Dissecting the dark side of the Internet -- with its infectious worms, botnets, rootkits, and Trojan horse programs (known as malware) -- this in-depth, how-to guide details the complete process of responding to a malicious code incident, from isolating malware and testing it in a forensic lab environment, to pulling apart suspect code and investigating its origin and authors. Written by information security experts with real-world investigative experience, Malware Forensics: Investigating and Analyzing Malicious Code is the most instructional book available on the subject, providing practical step-by-step technical and legal guidance to readers by featuring tools, diagrams, examples, exercises and checklists.

Product Description

Malware Forensics: Investigating and Analyzing Malicious Code covers the emerging and evolving field of "live forensics," where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss "live forensics" on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system.
Malware Forensics: Investigating and Analyzing Malicious Code also devotes extensive coverage to the burgeoning forensic field of physical and process memory analysis on both Windows and Linux platforms. This book provides clear and concise guidance as to how to forensically capture and examine physical and process memory as a key investigative step in malicious code forensics.
Prior to this book, competing texts have described malicious code, accounted for its evolutionary history, and in some instances, dedicated a mere chapter or two to analyzing malicious code. Conversely, Malware Forensics: Investigating and Analyzing Malicious Code emphasizes the practical "how-to" aspect of malicious code investigation, giving deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more.

* Winner of Best Book Bejtlich read in 2008! (http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html)
* Authors have investigated and prosecuted federal malware cases, which allows them to provide unparalleled insight to the reader.
* First book to detail how to perform "live forensic" techniques on malicious code.
* In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter.

Customer Reviews

11 Reviews
5 star: (10)
4 star: (1)
3 star: (0)
2 star: (0)
1 star: (0)
Most Helpful Customer Reviews

 
9 of 9 people found the following review helpful:
5.0 out of 5 stars Candidate for Best Book Bejtlich Read in 2008, November 2, 2008
Malware Forensics is an awesome book. Last year Syngress published Harlan Carvey's 5-star Windows Forensic Analysis, and now we get to enjoy this new title by James Aquilina, Eoghan Casey, and Cameron Malin, plus technical editing by Curtis Rose. I should disclose that I co-wrote a forensics book with Curtis Rose, and I just delivered a guest lecture in a class taught by Eoghan Casey. However, I still call books as I see them, regardless of the author. (Check out my review of Security Sage's Guide to Hardening the Network Infrastructure for proof.) I can confidently say that anyone interested in learning how to analyze malware, or perform incident response, will benefit from reading Malware Forensics.

I imagine that code-savvy investigators probably don't need to read Malware Forensics. However, this is not a book for newbies. The target audience includes those doing intrusion analysis on Windows and Linux who want to focus directly on examining malicious code. An investigator whose world revolves around reviewing hard drives with EnCase will probably not understand Malware Forensics. An investigator who needs guidance on identifying and then understanding malware will definitely like this book.

The front cover emphasizes the book's "practical, hands-on" nature. I admit that I tried to follow along in many parts, usually by retrieving various Windows tools to try on malware caught in my spam folder. I do not expect the reader to become an expert in any one area of analysis, but I do applaud the authors for exposing readers to just about every aspect of malware analysis you might expect. The book uses large and small cases, multiple sample analyses, and extensive tool output to guide readers. Even the legal chapter covers the questions most of us are likely to ask.

Furthermore, how often does one read an introduction (through p xxxvi) that is educational? I loved the points about DNA tests destroying evidence and the discussion of what is "forensically sound" on p xxv, and the mention of "evidence dynamics" on p xxvi. I got the sense the authors were real forensics experts, not strictly malware geeks. The citing of non-infosec sources when making points showed me they understood the big picture (p xxxi). They also cited their tools with footnotes and URLs, and included chapter end-notes.

I found very little to complain about in this book. I noticed awkward placement of commas in chapters 3 and 8. A copyeditor could have removed those. From what I can see, the authors appreciated Curtis Rose's involvement. Syngress should observe the value of an editor who seriously reviews the text. (The last page of the book even includes errata that couldn't make it into the previous text!)

I am seriously considering Malware Forensics as my Best Book Bejtlich Read in 2008. If it doesn't win (stay tuned for announcements at the end of December) Malware Forensics will be one of the top four for the year.


 
3 of 3 people found the following review helpful:
5.0 out of 5 stars Practical and essential for IT industry experts, October 1, 2008
By A. Nosaka (Laguna Beach, CA United States)
As the sole network administrator in a small Internet startup, I am responsible for every facet of our IT department. In the past year, our network has encountered intrusions, mainly by vindictive ex-employees, and a myriad of viruses/trojans of which a few of our systems became zombie machines. Since our network has fallen prey to various malware, on several occasions I've been notified by law enforcement that our machines were a part of a bot net. Other times we were warned by PayPal, eBay, and other financial institutions such as Bank of America that we were hosting phishing web sites. Starting a company on limited funds and manpower as well as enduring the growing pains of maintaining a network are difficult enough by itself. A colleague from my prior company referred me to this new book which he thought would be suitable to bring me up to speed on investigating malware. Together with my knowledge base and reading through several key chapters, performing a few practical hands-on case scenarios, and building a live response tool kit, I feel confident that I would be able to proficiently investigate and analyze most malware which I may encounter. At minimum, I would be able to assist or present to law enforcement my findings for further investigation.


 
1 of 1 people found the following review helpful:
5.0 out of 5 stars Something for Everyone, September 23, 2008
Relatively new to malware analysis and computer forensics, I was a bit concerned if this book would be helpful to me. I wanted a book that would serve as an introduction as well as a reference guide, and this book hit the mark! Particularly useful is the book's coverage of both Windows and Linux, which makes it a nice universal reference. [Side note: As I'm primarily a Mac user, it would have been nice to see some Mac coverage as well, but maybe in the next edition?]
The book structure and flow is intuitive and I enjoyed following the case scenarios as the basis of demonstrating the tools and techniques. Although the book covers each facet of the "malware forensics" process (live response, file profiling, etc) in great detail, and with the chapters building on each other, I found it pretty easy to jump ahead to other chapters too. The book web site (www.malwareforensics.com) was not advertised, but easy enough to find, considering the URL is simply the book title. The site serves as a good reference to bookmark because it announces the release of new or updated tools and has a lot of links to other malware/forensic resources. Overall, I was pleasantly surprised with Malware Forensics and I'm looking forward to the 2nd edition!

Most Recent Customer Reviews

4.0 out of 5 stars By far an amazing and fairly thorough book!
This book is quite an interesting read although there are many typos. The layout of the book is great you can choose to read either the windows section of malware forensics, or...
Published 10 months ago by P. Jones

5.0 out of 5 stars Right book, right time
Malware Forensics by Aquilina, Casey and Malin, is one of those fortunate instances of a technical work being on the right topic at the right time.
Published 19 months ago by James C. Smith

5.0 out of 5 stars Comprehensive resource for live response and analysis.
I couldn't agree more with the previous reviews...

With accuracy, detail, and clarity the authors were able to provide a resource that not only answers the needs of...
Published 19 months ago by M. Vallese

5.0 out of 5 stars A must have for investigators and attorneys advising corporate clients
This book is a must have for attorneys and investigators dealing with corporations victimized by internet criminals looking to steal the keys to the digital vault.
Published 19 months ago by M. Zweiback

5.0 out of 5 stars soup to nuts
I had been searching for a reference guide to help my company deal with some network anomalies and was recommended this book from a colleague.
Published 19 months ago by B. Shih

5.0 out of 5 stars Remarkable
With over 10 years in IT, I constantly look for quality reference materials to stay current. This is, without question, the most complete and readable malware book I have found...
Published 19 months ago by Bryan D. Duchene

5.0 out of 5 stars Simply a Must
This book is an absolute must for anyone who is interested in malware forensics. This book is phenomenally detailed, and provides a step by step process to break down the...
Published 19 months ago by Neil Waring

5.0 out of 5 stars A Comprehensive Guide
This book is an invaluable resource for understanding how to respond to malware incidents for both Windows and Linux based systems.
Published 19 months ago by Dusti L. Ukeiley
