Malware Forensics Field Guide for Windows Systems
Authors: Cameron H. Malin, Eoghan Casey, and James M. Aquilina
If you are looking for a field guide that will help you identify malware on a Windows computer system, examine it, and determine its impact, than this book might be just the right thing for you.
About the authors
Cameron H. Malin is a Supervisory Special Agent with the FBI assigned to a Cyber Crime squad in Los Angeles, California. He is also the Chapter Lead for the Southern California Chapter of the Honeynet Project, a Certified Ethical Hacker and Certified Defense Architect.
Eoghan Casey is a founding partner of cmdLabs and author of two books on digital forensics. He works at the Department of Defensee Cyber Crime Center (DC3) on researcher and tool development. He is also the Editor-in-Chief of Digital Investigation: The International Journal of Digital Forensics and Incident Response.
James M. Aquilina is an Executive Managing Director and Deputy General Counsel with Stroz Friedberg, where he supervises numerous digital forensic, Internet investigative, and electronic discovery assignments for government agencies, major law firms, and others in criminal, civil, regulatory, and internal corporate matters.
Inside the book
This book is written with the following premise in mind: when malware is discovered on a system, time pressure to investigate should be secondary to organized methodology, sound analysis, steady documentation and attention to evidence dynamics.
Don’t skip the introduction – it will give you valuable insight into why the book is structured as it is and how to use it.
The book is divided into five big chapters that cover subjects such as the collection of volatile data and examination on a live Windows system; the analysis of physical and process memory dumps in search for malware artifacts; malware extraction from Windows systems; the legal considerations of all those actions; file identification and profiling; and the analysis of a malware specimen.
The chapters should be read sequentially if you’re new to malware forensics, but their internal structure is also perfectly suited for helping forensic experts jog their memory while in the process of doing their jobs. The last two chapters – on file identification, profiling and malware analysis – are especially large and comprehensive.
Each chapter is peppered throughout with examples of field interview questions to be used while responding to an incident, field note examples, analysis tips, tips on common mistakes to avoid, information about tools that can be used in the investigation, and a list of supplemental texts on each subject.
This book is an exhaustive field guide that can help forensic specialists become experts at their job. Well written and structured, it’s easy to read and to flip through at need.