Malware Forensics Field Guide For Windows Systems: Digital Forensics Field Guides

E-Book Overview

Dissecting the dark side of the Internet, with its infectious worms, botnets, rootkits, and Trojan horse programs (known as malware), is a treacherous undertaking for any forensic investigator or analyst. Written by information security experts with real-world investigative experience, Malware Forensics Field Guide for Windows Systems is a "tool" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips.

* A condensed hand-held guide complete with on-the-job tasks and checklists
* Specific to Windows-based systems, the largest running OS in the world
* Authors are world-renowned leaders in investigating and analyzing malicious code

E-Book Content

Malware Forensics Field Guide for Windows Systems
Digital Forensics Field Guides

Cameron H. Malin, Eoghan Casey, James M. Aquilina
Curtis W. Rose, Technical Editor

Acquiring Editor: Cris Katsaropoulos
Project Manager: Paul Gottehrer
Designer: Alisa Andreola

Syngress is an imprint of Elsevier
225 Wyman Street, Waltham, MA 02451, USA

© 2012 Elsevier, Inc. All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or any information storage and retrieval system, without permission in writing from the publisher. Details on how to seek permission, further information about the Publisher’s permissions policies and our arrangements with organizations such as the Copyright Clearance Center and the Copyright Licensing Agency, can be found at our website: www.elsevier.com/permissions. This book and the individual contributions contained in it are protected under copyright by the Publisher (other than as may be noted herein).

Notices

Knowledge and best practice in this field are constantly changing. As new research and experience broaden our understanding, changes in research methods or professional practices may become necessary. Practitioners and researchers must always rely on their own experience and knowledge in evaluating and using any information or methods described herein. In using such information or methods they should be mindful of their own safety and the safety of others, including parties for whom they have a professional responsibility. To the fullest extent of the law, neither the Publisher nor the authors, contributors, or editors assume any liability for any injury and/or damage to persons or property as a matter of products liability, negligence or otherwise, or from any use or operation of any methods, products, instructions, or ideas contained in the material herein.
Library of Congress Cataloging-in-Publication Data
Application submitted

British Library Cataloguing-in-Publication Data
A catalogue record for this book is available from the British Library.

ISBN: 978-1-59749-472-4

For information on all Syngress publications visit our website at http://store.elsevier.com

Printed in the United States of America
12 13 14 15 16 10 9 8 7 6 5 4 3 2 1

Typeset by: diacriTech, Chennai, India

For our moms, who taught us determination, patience, creativity, and to live passionately.

Acknowledgments

Cameron would like to thank a number of people for their guidance, support, and ideas on this book; without them it would not have happened. James and Eoghan, I appreciate your willingness to keep an open mind and embrace the format and structure of this book; it was a rewarding challenge. I’m proud to work with you both. Thanks to the Syngress crew for your patience and understanding of our vision: Steve Elliot, Angelina Ward, Laura Colantoni, Matthew Cater, Paul Gottehrer, Chris Katsaropoulos, and David Bevans. Not to be forgotten are some terrific researchers, developers, and forensic practitioners who assisted and supported this book: Mila Parkour (contagiodump.blogspot.com), Ero Carera and Christian Blichmann