Investigating the structure of programs and executables in order to understand where information is in memory, how programs run and how malware can be created.
INFORMATION INCLUDED IN THIS CHAPTER:
• Windows Portable Executable
• Linux Executable and Linkable Format
• Mac OS X Application Bundles
• .NET Common Language Runtime
• System Calls and Tracing
At the core of any computer system are the programs that run on it. It might normally go without saying, but I am going to say it anyway. Those programs are what make computers useful but, more importantly, provide us with artifacts, which make sure that forensic ...
Get Operating System Forensics now with O’Reilly online learning.