Malware Forensics: Investigating and Analyzing Malicious Code

Cameron H. Malin, Eoghan Casey, James M. Aquilina

  • 出版商: Syngress Media
  • 出版日期: 2008-06-01
  • 定價: $2,460
  • 售價: 8.0$1,968
  • 語言: 英文
  • 頁數: 592
  • 裝訂: Paperback
  • ISBN: 159749268X
  • ISBN-13: 9781597492683
  • 相關分類: Linux資訊安全
  • 立即出貨 (庫存 < 4)

買這商品的人也買了...

商品描述

Malware Forensics: Investigating and Analyzing Malicious Code covers the emerging and evolving field of "live forensics," where investigators examine a computer system to collect and preserve critical live data that may be lost if the system is shut down. Unlike other forensic texts that discuss "live forensics" on a particular operating system, or in a generic context, this book emphasizes a live forensics and evidence collection methodology on both Windows and Linux operating systems in the context of identifying and capturing malicious code and evidence of its effect on the compromised system.
Malware Forensics: Investigating and Analyzing Malicious Code also devotes extensive coverage of the burgeoning forensic field of physical and process memory analysis on both Windows and Linux platforms. This book provides clear and concise guidance as to how to forensically capture and examine physical and process memory as a key investigative step in malicious code forensics.
Prior to this book, competing texts have described malicious code, accounted for its evolutionary history, and in some instances, dedicated a mere chapter or two to analyzing malicious code. Conversely, Malware Forensics: Investigating and Analyzing Malicious Code emphasizes the practical "how-to" aspect of malicious code investigation, giving deep coverage on the tools and techniques of conducting runtime behavioral malware analysis (such as file, registry, network and port monitoring) and static code analysis (such as file identification and profiling, strings discovery, armoring/packing detection, disassembling, debugging), and more.

* Winner of Best Book Bejtlich read in 2008!
* http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html
* Authors have investigated and prosecuted federal malware cases, which allows them to provide unparalleled insight to the reader.
* First book to detail how to perform "live forensic" techniques on malicous code.
* In addition to the technical topics discussed, this book also offers critical legal considerations addressing the legal ramifications and requirements governing the subject matter

商品描述(中文翻譯)

《惡意程式鑑識:調查與分析惡意程式碼》涵蓋了新興且不斷演進的「即時鑑識」領域,調查人員在關閉系統後可能會遺失的情況下,檢查電腦系統以收集和保留關鍵的即時數據。與其他關於特定操作系統或一般情境下的「即時鑑識」的鑑識文獻不同,本書強調在Windows和Linux操作系統上進行即時鑑識和證據收集方法,以識別和捕獲惡意程式碼及其對受攻擊系統的影響的證據。

《惡意程式鑑識:調查與分析惡意程式碼》還廣泛涵蓋了Windows和Linux平台上不斷發展的物理和進程記憶體分析鑑識領域。本書提供了明確而簡潔的指導,教授如何在惡意程式碼鑑識中,以物理和進程記憶體作為關鍵調查步驟進行鑑識和檢查。

在本書之前,競爭的文獻描述了惡意程式碼,介紹了其演化歷史,並在某些情況下僅將一章或兩章用於分析惡意程式碼。相比之下,《惡意程式鑑識:調查與分析惡意程式碼》強調了惡意程式碼調查的實際「如何」方面,深入介紹了執行時行為惡意程式碼分析(如文件、註冊表、網絡和端口監控)和靜態程式碼分析(如文件識別和分析、字串發現、加固/封裝檢測、反組譯、調試)等工具和技術。

* 2008年Bejtlich讀過的最佳書籍獲獎者!
* http://taosecurity.blogspot.com/2008/12/best-book-bejtlich-read-in-2008.html
* 作者曾調查和起訴聯邦惡意程式案件,使他們能夠為讀者提供無與倫比的見解。
* 第一本詳細介紹如何對惡意程式碼進行「即時鑑識」技術的書籍。
* 除了技術主題外,本書還提供了關於法律考慮事項,涉及主題的法律後果和要求的重要內容。