book

Malware Forensics Field Guide for Windows Systems

by Cameron H. Malin, Eoghan Casey, James M. Aquilina

May 2012

Intermediate to advanced

560 pages

12h 55m

English

Syngress

Read now

Unlock full access

Solutions in this chapter:Volatile Data Collection and Analysis ToolsNon-Volatile Data Collection and Analysis ToolsSelected ReadingsJurisprudence/RFCS/Technical Specifications

Solutions in this chapter:Selected Readings
Solutions in this chapter:Selected Readings
Solutions in this chapter:
Solutions in this chapter:Selected Readings
Solutions in this chapter:IntroductionGoalsGuidelines for Examining a Malicious File SpecimenEstablishing the Environment BaselinePre-Execution Preparation: System and Network MonitoringExecution Artifact Capture: Digital Impression and Trace EvidenceExecuting the Malicious Code SpecimenExecution Trajectory Analysis: Observing Network, Process, Api, File System, and Registry ActivityAutomated Malware Analysis FrameworksOnline Malware Analysis SandboxesDefeating ObfuscationEmbedded Artifact Extraction RevisitedInteracting with and Manipulating the Malware Specimen: Exploring and Verifying Functionality and PurposeEvent Reconstruction and Artifact Review: Post-Run Data AnalysisDigital Virology: Advanced Profiling Through Malware Taxonomy and PhylogenyConclusionPitfalls to AvoidSelected Readings

Content preview from Malware Forensics Field Guide for Windows Systems

Introduction to Malware Forensics

Since the publication of Malware Forensics: Investigating and Analyzing Malicious Code in 2008,¹ the number and complexity of programs developed for malicious and illegal purposes has grown substantially. The 2011 Symantec Internet Security Threat Report announced that over 286 million new threats emerged in the past year.² Other anti-virus vendors, including F-Secure, forecast an increase in attacks against mobile devices and SCADA systems in 2011.³

In the past, malicious code has been categorized neatly (e.g., viruses, worms, or Trojan horses) based upon functionality and attack vector. Today, malware is often modular and multifaceted, more of a “blended-threat,” with diverse functionality and means of propagation. ...