Malware Forensics Field Guide for Windows Systems

by Cameron H. Malin, Eoghan Casey, James M. Aquilina
May 2012
Intermediate to advanced
560 pages
12h 55m
English
Syngress
Content preview from Malware Forensics Field Guide for Windows Systems

Chapter 5

File Identification and Profiling

Initial Analysis of a Suspect File on a Windows System

Solutions in this chapter:

• Overview of the File Profiling Process

• Profiling a Suspicious File

• File Similarity Indexing

• File Visualization

• File Signature Identification and Classification

• Embedded Artifact Extraction

• Symbolic and Debug Information

• Embedded File Metadata

• File Obfuscation: Packing and Encryption Identification

• Embedded Artifact Extraction Revisited

• Profiling Suspect Document Files

• Profiling Suspect Portable Document Format (PDF) Files

• Profiling Suspect Microsoft (MS) Office Files

• Profiling Suspect Compiled HTML Help Files

Introduction

This chapter addresses the methodology, techniques, and tools for ...


Publisher Resources

ISBN: 9781597494724