Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data
An Excerpt from Malware Forensic Field Guide for Linux Systems
By Cameron H. Malin, Eoghan Casey, James M. Aquilina
Publisher: Elsevier / Syngress
Final Release Date: March 2013
Pages: 134

Linux Malware Incident Response is a "first look" at the Malware Forensics Field Guide for Linux Systems, exhibiting the first steps in investigating Linux-based incidents. The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a "toolkit" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator with clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a lab.

  • Presented in a succinct outline format with cross-references to included supplemental components and appendices
  • Covers volatile data collection methodology as well as non-volatile data collection from a live Linux system
  • Addresses malware artifact discovery and extraction from a live Linux system

Customer Reviews: 4.0 (based on 1 review)


Rating: 4.0

A good read for beginners

By Ish Sookun

from Mauritius

About Me Developer, Sys Admin

Verified Reviewer

Pros

  • Easy to understand
  • Helpful examples
  • Well-written

Cons

  • Introduction Was Bulky

Best Uses

  • Novice
  • Student

Comments about Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data:

The introduction can appear a bit bulky with too much reading. Concepts are repetitively described. People with technical background might get bored with the first few pages. Just bear with the initial theories as the rest of the book will be a pleasure once the introduction chapter is over.

The author does a great job by providing command examples and inline references that prompt for additional reading.

There's one particular thing that captured my mind; it's about taking a snapshot of the physical memory and analyzing the data. It's a great way to investigate since a lot of traces could still be left within the memory space after the intrusion. Apart from third-party tools, the author places a lot of emphasis on utilities that already come built-in with most Linux distributions. These may be tools that System Admins use every day. Yet the author shows how these tools can be used to extract precise information and crunch the same for analysis.

It may not be a complete manual but this book will be useful to people beginning with Linux malware incident resolution & investigation.


Buying Options
Ebook: $19.95
Formats: ePub, Mobi, PDF