Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides
Malware Forensics Field Guide for Windows Systems is a handy reference that shows students the essential tools needed to do computer forensics analysis at the crime scene. It is part of Syngress Digital Forensics Field Guides, a series of companions for any digital and computer forensic student, investigator or analyst. Each Guide is a toolkit, with checklists for specific tasks, case studies of difficult situations, and expert analyst tips that will aid in recovering data from digital media that will be used in criminal prosecution. This book collects data from all methods of electronic data storage and transfer devices, including computers, laptops, PDAs and the images, spreadsheets and other types of files stored on these devices. It is specific to Windows-based systems, the largest running OS in the world. The authors are world-renowned leaders in investigating and analyzing malicious code. Chapters cover malware incident response: volatile data collection and examination on a live Windows system; analysis of physical and process memory dumps for malware artifacts; post-mortem forensics: discovering and extracting malware and associated artifacts from Windows systems; legal considerations; file identification and profiling: initial analysis of a suspect file on a Windows system; and analysis of a suspect program. This field guide is intended for computer forensic investigators, analysts, and specialists.

560 pages, Paperback

First published January 1, 2010

About the author

Eoghan Casey

17 books, 4 followers

Community Reviews

5 stars: 2 (20%)
4 stars: 4 (40%)
3 stars: 3 (30%)
2 stars: 0 (0%)
1 star: 1 (10%)
Displaying 1 of 1 review
684 reviews, 27 followers
October 22, 2013
The book I read to research this post was Malware Forensics Field Guide for Windows Systems by Eoghan Casey et al., which is an excellent book which I bought from Kindle. This book looks at the legal aspects, mostly according to American law, and also looks at the technical aspects of dealing with a virus infestation on either a network or a desktop PC. It lists loads of software that can do the various jobs, far too many to list here, and looks at doing the basics with some of this software. Eoghan is a bit of a legend in digital forensics and I have read quite a lot of books by him. There are also quite a lot of posts on different aspects of digital forensics at my computing blog at http://scratbag.me and my technology blog at http://scratbagroberts.com.
If your computer is attacked by malware, it's best to analyze it in a live state, which means without rebooting it, which will often destroy any evidence. Many professionals use MD5 or Memory Digest 5 to copy the hard drive. One problem facing you in this job is that there are various types of memory that all need to be copied. Another problem is what you copy it to; in most cases it will be an external hard drive due to the enormous amount of data. Also, copying it to writable media like DVD-Rs takes longer. A good program that will copy a network to another network hard drive is EnCase Enterprise. A lot of malware nowadays contains keyloggers to find things like passwords, something to locate credit card numbers, and an email address for this information to be sent to. One way you can spot malware is to use a port sniffer like Wireshark; it will constantly try to access the internet to send its newfound information. This book is nearly 1,000 pages and covers every aspect of malware, and I really enjoyed reading it.