Chapter 9

Executable Programs

Abstract

Investigating the structure of programs and executables in order to understand where information is in memory, how programs run and how malware can be created.

Keywords

operating systems

forensics

operating environments

INFORMATION INCLUDED IN THIS CHAPTER:

• Windows Portable Executable

• Linux Executable and Linkable Format

• Mac OS X Application Bundles

• NET Common Language Runtime

• Debugging/Disassembly

• System Calls and Tracing

Introduction

At the core of any computer system is the programs that run on it. It might normally go without saying, but I am going to say it anyway. Those programs are what make computers useful but more importantly, provide us with artifacts, which make sure that forensic ...

Get Operating System Forensics now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Operating System Forensics by Ric Messier

Executable Programs

Abstract

Keywords

Introduction

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly