Linux Malware Incident Response : An Excerpt from Malware Forensic Field Guide for Linux Systems


Cameron H. Malin
Bok Engelsk 2013 · Electronic books.
Annen tittel
Utgitt
Burlington : : Elsevier Science, , 2013.
Omfang
1 online resource (135 p.)
Opplysninger
Description based upon print version of record.. - Front Cover; Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data; Copyright Page; Contents; Introduction; How to Use This book; Supplemental Components; Investigative Approach; Methodical Approach; Forensic Soundness; Documentation; Evidence Dynamics; Forensic Analysis in Malware Investigations; Preservation and Examination of Volatile Data; Temporal, Functional, and Relational Analysis; Applying Forensics to Malware; Class Versus Individuating Characteristics; From Malware Analysis to Malware Forensics. - 1 Linux Malware Incident ResponseIntroduction; Local vs. Remote Collection; Investigative Considerations; Volatile Data Collection Methodology; Documenting Collection Steps; Volatile Data Collection Steps; Preservation of Volatile Data; Investigative Considerations; Physical Memory Acquisition on a Live Linux System; Acquiring Physical Memory Locally; Command-Line Utilities; Using dd to Acquire Physical Memory; Using memdump to Acquire Physical Memory; Collecting the /proc/kcore file; GUI-Based Memory Dumping Tools; Using Helix3 Pro to Acquire Physical Memory. - Documenting the Contents of the /proc/meminfo FileInvestigative Considerations; Remote Physical Memory Acquisition; Configuring the Helix3 Pro Image Receiver: Examination System; Configuring Helix3 Pro to Transmit over the Image Receiver: Subject System; Other Methods of Acquiring Physical Memory; Collecting Subject System Details; System Date and Time; System Identifiers; Network Configuration; System Uptime; System Environment; Investigative Consideration; System Status; Identifying Users Logged into the System; Investigative Considerations; Inspect Network Connections and Activity. - Examine Running Processes in Relational Context to System State and ArtifactsVolatile Data in /proc Directory; Correlate Open Ports with Running Processes and Programs; Investigative Consideration; Open Files and Dependencies; Investigative Consideration; Identifying Running Services; Examine Loaded Modules; Investigative Consideration; Collecting the Command History; Identifying Mounted and Shared Drives; Determine Scheduled Tasks; Collecting Clipboard Contents; Nonvolatile Data Collection from a Live Linux System; Forensic Duplication of Storage Media on a Live Linux System. - Investigative ConsiderationsActive Network Connections; Examine Routing Table; ARP Cache; Collecting Process Information; Process Name and Process Identification; Temporal Context; Memory Usage; Process to Executable Program Mapping: Full System Path to Executable File; Investigative Considerations; Process to User Mapping; Investigative Considerations; Child Processes; Investigative Consideration; Invoked Libraries: Dependencies Loaded by Running Processes; Command-Line Parameters; Preserving Process Memory on a Live Linux System; Investigative Consideration. - Remote Acquisition of Storage Media on a Live Linux System. - Linux Malware Incident Response is a ""first look"" at the Malware Forensics Field Guide for Linux Systems, exhibiting the first steps in investigating Linux-based incidents. The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a ""toolkit"" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to suppleme
Emner
Sjanger
Dewey
ISBN
9780124095076

Bibliotek som har denne