Book Name: Malware Forensics: Investigating and Analyzing Malicious Code
Author(s): Cameron H. Malin, Eoghan Casey, James M. Aquilina
ISBN:
· ISBN-10: 159749268X
· ISBN-13: 978-1597492683
Published Year/Month: June 30, 2008
Publication: Syngress
Edition: First
Reviewer: EvilFingers
Overall Comments: Combining forensic investigation steps with malware research gives this book a good blend, and it conveys the importance of both forensic analysis and malware research.
Chapter Reviews:
Chapter 1: Malware Incident Response: Volatile Data Collection and Examination on a Live Windows System
Volatile data has always been of great value when putting the pieces together. As the name suggests, volatile data is easily lost: it lives in memory and in kernel state and disappears when a process exits or the machine is powered off. This chapter gives readers a practical view of collecting and preserving volatile data on a live Windows system.
Chapter 2: Malware Incident Response: Volatile Data Collection and Examination on a Live Linux System
This chapter covers the same ground as Chapter 1, with volatile data on a live Linux system. It again gives readers a practical view of collecting and preserving data that is easily lost (running processes, open network connections, loaded modules) before it disappears.
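As an added illustration that is not from the book or from the reviewer, the following Python script shows one slice of Linux volatile data collection: it parses the kernel's /proc/net/tcp table into readable TCP endpoints and states and, on a live system, maps a socket inode to the PID that owns it by walking /proc/<pid>/fd. The sample table embedded in the script is constructed, not captured from a real host; the helper names are the author's own.

```python
import os
import socket
import struct

# Linux TCP state codes as printed in the "st" column of /proc/net/tcp.
TCP_STATES = {
    "01": "ESTABLISHED", "02": "SYN_SENT", "03": "SYN_RECV", "04": "FIN_WAIT1",
    "05": "FIN_WAIT2", "06": "TIME_WAIT", "07": "CLOSE", "08": "CLOSE_WAIT",
    "09": "LAST_ACK", "0A": "LISTEN", "0B": "CLOSING",
}

# Constructed sample of /proc/net/tcp: an SSH listener on all interfaces,
# a MySQL listener on loopback, and one outbound HTTPS connection from uid 1000.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 18204 1 0000000000000000 100 0 0 10 0
   1: 0100007F:0CEA 00000000:0000 0A 00000000:00000000 00:00000000 00000000   112        0 21877 1 0000000000000000 100 0 0 10 0
   2: 0F02000A:A1B2 057100CB:01BB 01 00000000:00000000 00:00000000 00000000  1000        0 29331 1 0000000000000000 20 4 30 10 -1
"""


def decode_endpoint(hexaddr):
    """Turn 'HEXIP:HEXPORT' into ('dotted.ip', port).

    The kernel prints the IPv4 address as one 32-bit word in host byte order,
    so on little-endian machines (x86, most ARM) the bytes come out reversed.
    """
    ip_hex, port_hex = hexaddr.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def parse_proc_net_tcp(text):
    """Parse /proc/net/tcp text into a list of connection dicts."""
    entries = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with a slot number followed by ':'; skip the header.
        if len(fields) < 10 or not fields[0].endswith(":"):
            continue
        lip, lport = decode_endpoint(fields[1])
        rip, rport = decode_endpoint(fields[2])
        entries.append({
            "local": f"{lip}:{lport}",
            "remote": f"{rip}:{rport}",
            "state": TCP_STATES.get(fields[3], fields[3]),
            "uid": int(fields[7]),
            "inode": int(fields[9]),
        })
    return entries


def listeners(entries):
    return [e for e in entries if e["state"] == "LISTEN"]


def established(entries):
    return [e for e in entries if e["state"] == "ESTABLISHED"]


def socket_owner_pid(inode, proc="/proc"):
    """Map a socket inode to its owning PID (live Linux only).

    Each /proc/<pid>/fd/<n> is a symlink; sockets read back as 'socket:[inode]'.
    Processes owned by other users need root to read their fd table, so
    permission errors are skipped rather than treated as "no owner".
    """
    target = f"socket:[{inode}]"
    for pid in os.listdir(proc):
        if not pid.isdigit():
            continue
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            names = os.listdir(fd_dir)
        except OSError:
            continue
        for fd in names:
            try:
                if os.readlink(os.path.join(fd_dir, fd)) == target:
                    return int(pid)
            except OSError:
                continue
    return None


def collect_live(path="/proc/net/tcp"):
    """Read the real table on a Linux host; returns [] elsewhere."""
    try:
        with open(path) as fh:
            return parse_proc_net_tcp(fh.read())
    except OSError:
        return []


if __name__ == "__main__":
    conns = parse_proc_net_tcp(SAMPLE_PROC_NET_TCP)
    for c in conns:
        print(f"{c['state']:<12} {c['local']:<22} -> {c['remote']:<22} uid={c['uid']} inode={c['inode']}")
    for c in collect_live():
        print(c["state"], c["local"], c["remote"], "pid=", socket_owner_pid(c["inode"]))
```

The parsed output is only as trustworthy as the kernel that produced it; a rootkit that hooks the /proc/net/tcp seq_file handlers can hide a connection from this script and from netstat alike, which is one reason the book pairs live collection with memory analysis.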
Chapter 3: Memory Forensics: Analyzing Physical and Process Memory Dumps for Malware Artifacts
Physical memory dumps and per-process memory dumps are the raw material of memory forensics. This chapter walks through the tools and the process for acquiring and analyzing both in order to find malware artifacts.
Chapter 4: Post-Mortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Windows Systems
This chapter presents forensic examination techniques for discovering and extracting malware and its associated artifacts from a Windows system after the fact, once the system is no longer live.
Chapter 5: Post-Mortem Forensics: Discovering and Extracting Malware and Associated Artifacts from Linux Systems
This chapter presents the same post-mortem techniques for discovering and extracting malware and its associated artifacts from a Linux system.
Chapter 6: Legal Considerations
Forensic analysis is not technology alone. It carries legal implications, including how evidence is declared and preserved and how the chain of custody is maintained. This chapter helps the reader understand the legal side of forensic analysis.
Chapter 7: File Identification and Profiling: Initial Analysis of a Suspect File on a Windows System
This chapter helps readers understand the methodology and tools for the initial analysis of a suspect file on a Windows system. The authors present it step by step so that readers can follow the forensic analysis process.
Chapter 8: File Identification and Profiling: Initial Analysis of a Suspect File on a Linux System
This chapter covers the same step-by-step methodology and tools for the initial analysis of a suspect file on a Linux system.
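As an added example that is not the book's own code and serves both Chapter 7 and Chapter 8, the following Python script performs the first profiling steps an examiner applies to a suspect file on either Windows or Linux: fixed hashes for identification, file type from magic bytes, a Shannon entropy estimate as a packing hint, and extraction of printable ASCII and UTF-16LE strings. The sample bytes it runs on are constructed here, and the 7.0 entropy threshold is a common rule of thumb rather than a figure from the book.

```python
import hashlib
import math
import re
from collections import Counter

# Magic-byte signatures checked at offset 0 (a small, well-known subset).
MAGIC = [
    (b"MZ", "PE/DOS executable (MZ header)"),
    (b"\x7fELF", "ELF executable"),
    (b"PK\x03\x04", "ZIP container (also JAR/APK/OOXML)"),
    (b"%PDF-", "PDF document"),
    (b"\xd0\xcf\x11\xe0", "OLE compound document (legacy Office)"),
    (b"#!", "script with shebang"),
]

# Rule of thumb: entropy near 8 bits/byte suggests packed or encrypted content.
PACKED_ENTROPY_THRESHOLD = 7.0


def identify_type(data):
    """Return a type label based on leading magic bytes, or 'unknown'."""
    for sig, name in MAGIC:
        if data.startswith(sig):
            return name
    return "unknown"


def hash_bytes(data):
    """MD5/SHA-1/SHA-256 of the file; record all three, share SHA-256."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def entropy(data):
    """Shannon entropy in bits per byte (0.0 for empty or constant input)."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def extract_strings(data, min_len=4):
    """Printable ASCII runs and UTF-16LE runs (Windows binaries store many
    strings as wide characters, which plain 'strings' output misses)."""
    ascii_re = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    wide_re = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % min_len)
    ascii_strings = [m.group().decode("ascii") for m in ascii_re.finditer(data)]
    wide_strings = [m.group().decode("utf-16le") for m in wide_re.finditer(data)]
    return ascii_strings, wide_strings


def profile(data):
    """Combine the individual checks into one profile dict."""
    ent = entropy(data)
    ascii_strings, wide_strings = extract_strings(data)
    return {
        "size": len(data),
        "type": identify_type(data),
        "hashes": hash_bytes(data),
        "entropy": round(ent, 3),
        "likely_packed": ent > PACKED_ENTROPY_THRESHOLD,
        "ascii_strings": ascii_strings,
        "wide_strings": wide_strings,
    }


def profile_path(path):
    with open(path, "rb") as fh:
        return profile(fh.read())


# Constructed stand-in for a suspect file: an MZ header, a DOS stub string,
# and a wide-character URL such as a Windows dropper might embed.
SAMPLE_FILE = (
    b"MZ" + b"\x00" * 62
    + b"This program cannot be run in DOS mode" + b"\x00" * 8
    + "http://example.invalid/update.bin".encode("utf-16le") + b"\x00" * 16
)

if __name__ == "__main__":
    report = profile(SAMPLE_FILE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

A file whose magic bytes do not match its extension, or whose entropy is high while its strings list is almost empty, is a candidate for the deeper static and dynamic analysis covered in Chapters 9 and 10.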
Chapter 9: Analysis of a Suspect Program: Windows
This chapter discusses static and dynamic analysis of a suspect program on a Windows system as part of the forensic examination.
Chapter 10: Analysis of a Suspect Program: Linux
This chapter discusses static and dynamic analysis of a suspect program on a Linux system as part of the forensic examination.