Description |
1 online resource (135 pages) |
|
text txt rdacontent |
|
computer c rdamedia |
|
online resource cr rdacarrier |
Summary |
The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a "toolkit" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a la. |
Note |
Print version record. |
Bibliography |
Includes bibliographical references. |
Contents |
Front Cover; Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data; Copyright Page; Contents; Introduction; How to Use This book; Supplemental Components; Investigative Approach; Methodical Approach; Forensic Soundness; Documentation; Evidence Dynamics; Forensic Analysis in Malware Investigations; Preservation and Examination of Volatile Data; Temporal, Functional, and Relational Analysis; Applying Forensics to Malware; Class Versus Individuating Characteristics; From Malware Analysis to Malware Forensics |
|
1 Linux Malware Incident ResponseIntroduction; Local vs. Remote Collection; Investigative Considerations; Volatile Data Collection Methodology; Documenting Collection Steps; Volatile Data Collection Steps; Preservation of Volatile Data; Investigative Considerations; Physical Memory Acquisition on a Live Linux System; Acquiring Physical Memory Locally; Command-Line Utilities; Using dd to Acquire Physical Memory; Using memdump to Acquire Physical Memory; Collecting the /proc/kcore file; GUI-Based Memory Dumping Tools; Using Helix3 Pro to Acquire Physical Memory |
|
Documenting the Contents of the /proc/meminfo FileInvestigative Considerations; Remote Physical Memory Acquisition; Configuring the Helix3 Pro Image Receiver: Examination System; Configuring Helix3 Pro to Transmit over the Image Receiver: Subject System; Other Methods of Acquiring Physical Memory; Collecting Subject System Details; System Date and Time; System Identifiers; Network Configuration; System Uptime; System Environment; Investigative Consideration; System Status; Identifying Users Logged into the System; Investigative Considerations; Inspect Network Connections and Activity |
|
Investigative ConsiderationsActive Network Connections; Examine Routing Table; ARP Cache; Collecting Process Information; Process Name and Process Identification; Temporal Context; Memory Usage; Process to Executable Program Mapping: Full System Path to Executable File; Investigative Considerations; Process to User Mapping; Investigative Considerations; Child Processes; Investigative Consideration; Invoked Libraries: Dependencies Loaded by Running Processes; Command-Line Parameters; Preserving Process Memory on a Live Linux System; Investigative Consideration |
|
Examine Running Processes in Relational Context to System State and ArtifactsVolatile Data in /proc Directory; Correlate Open Ports with Running Processes and Programs; Investigative Consideration; Open Files and Dependencies; Investigative Consideration; Identifying Running Services; Examine Loaded Modules; Investigative Consideration; Collecting the Command History; Identifying Mounted and Shared Drives; Determine Scheduled Tasks; Collecting Clipboard Contents; Nonvolatile Data Collection from a Live Linux System; Forensic Duplication of Storage Media on a Live Linux System |
Subject |
Computer security.
|
|
Sécurité informatique.
|
|
Computer security
|
Added Author |
Casey, Eoghan.
|
|
Aquilina, James M.
|
Other Form: |
Print version: Malin, Cameron H. Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data. Burlington : Elsevier Science, ©2013 9780124095076 |
ISBN |
9780124114890 |
|
012411489X |
|
9780124095076 |
|
0124095070 |
Standard No. |
AU@ 000055880066 |
|
CHNEW 000691395 |
|
CHNEW 000691397 |
|
CHNEW 000898684 |
|
CHNEW 001011083 |
|
DEBBG BV042314309 |
|
DEBSZ 405347316 |
|
DEBSZ 43130789X |
|
NZ1 15292935 |
|
DKDLA 820120-katalog:9910110336905765 |
|
AU@ 000073152887 |
|