CHAPTER 15
Investigating Hacker Tools
 
During investigations of computer crime, particularly computer intrusions, you will encounter rogue files with an unknown purpose. You know that the rogue file is doing something that the attacker wants, but all you have is a binary file and perhaps a few theories about what that file does.
Tool analysis would be much simpler if attackers left their source code behind. But most attackers have something in common with Microsoft: They protect their source code. Without it, you are left to muddle through object code and trace the functionality of the program.
In this chapter, we outline a sound scientific approach to performing tool analysis. You will learn how to take an executable file with an unknown ...

Get Incident Response & Computer Forensics, 2nd Ed., 2nd Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.