By Cameron H. Malin, Eoghan Casey, James M. Aquilina
Publisher: Elsevier / Syngress
Final Release Date: December 2013
Malware Forensics Field Guide for Linux Systems is a handy reference that shows students the essential tools needed to do computer forensics analysis at the crime scene. It is part of Syngress Digital Forensics Field Guides, a series of companions for any digital and computer forensic student, investigator or analyst. Each Guide is a toolkit, with checklists for specific tasks, case studies of difficult situations, and expert analyst tips that will aid in recovering data from digital media that will be used in criminal prosecution.
This book collects data from all methods of electronic data storage and transfer devices, including computers, laptops, PDAs and the images, spreadsheets and other types of files stored on these devices. It is specific for Linux-based systems, where new malware is developed every day. The authors are world-renowned leaders in investigating and analyzing malicious code. Chapters cover malware incident response - volatile data collection and examination on a live Linux system; analysis of physical and process memory dumps for malware artifacts; post-mortem forensics - discovering and extracting malware and associated artifacts from Linux systems; legal considerations; file identification and profiling initial analysis of a suspect file on a Linux system; and analysis of a suspect program.
This book will appeal to computer forensic investigators, analysts, and specialists.
A compendium of on-the-job tasks and checklists
Specific for Linux-based systems in which new malware is developed every day
Authors are world-renowned leaders in investigating and analyzing malicious code
Comments about oreilly Malware Forensics Field Guide for Linux Systems:
Much like it's Windows counterpart, the Malware Forensics Field Guide for Linux Systems does not disappoint. With this book, some Linux fundamentals, a few open source tools, and a suspect piece of software you can begin the incident handling process for a suspect piece of software found on a Linux system.
Bottom Line Yes, I would recommend this to a friend