Chapter 9

Executable Programs

Abstract

Investigating the structure of programs and executables in order to understand where information is in memory, how programs run and how malware can be created.

Keywords

operating systems
forensics
operating environments

INFORMATION INCLUDED IN THIS CHAPTER:

Windows Portable Executable
Linux Executable and Linkable Format
Mac OS X Application Bundles
NET Common Language Runtime
Debugging/Disassembly
System Calls and Tracing

Introduction

At the core of any computer system is the programs that run on it. It might normally go without saying, but I am going to say it anyway. Those programs are what make computers useful but more importantly, provide us with artifacts, which make sure that forensic ...

Get Operating System Forensics now with the O’Reilly learning platform.

O’Reilly members experience live online training, plus books, videos, and digital content from nearly 200 publishers.