Dissecting the dark side of the Internet--with its infectious worms, botnets, rootkits, and Trojan horse programs (known as malware)--this in-depth, how-to guide details the complete process of responding to a malicious code incident, from isolating malware and testing it in a forensic lab environment, to pulling apart suspect code and investigating its origin and authors. Written by information security experts with real-world investigative experience, Malware Forensics: Investigating and Analyzing Malicious Code is the most instructional book available on the subject, providing practical step-by-step technical and legal guidance to readers by featuring tools, diagrams, examples, exercises and checklists.
Introduction
Chapter 1 Malware Incident Response: Volatile Data Collection and Examination on a Live Windows System
Chapter 2 Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System
Chapter 3 Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts
Chapter 4 Post-Mortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Windows Systems
Chapter 5 Post-Mortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Linux Systems
Chapter 6 Legal Considerations
Chapter 7 File Identification and Profiling: Initial Analysis of a Suspect File on a Windows System
Chapter 8 File Identification and Profiling: Initial Analysis of a Suspect File on a Linux System
Chapter 9 Analysis of a Suspect Program: Windows
Chapter 10 Analysis of a Suspect Program: Linux
Index