Linux Malware Incident Response : an Excerpt from Malware Forensic Field Guide for Linux Systems.

The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a "toolkit" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for co...

Full description

Bibliographic Details
Classification: Electronic book
Main author: Malin, Cameron H.
Other authors: Casey, Eoghan, Aquilina, James M.
Format: Electronic eBook
Language: English
Published: Burlington : Elsevier Science, 2013.
Subjects:
Online access: Full text

MARC

LEADER 00000cam a2200000Mi 4500
001 SCIDIR_ocn830170160
003 OCoLC
005 20231117044837.0
006 m o d
007 cr |n|||||||||
008 130316s2013 vtu ob 000 0 eng d
040 |a EBLCP  |b eng  |e pn  |c EBLCP  |d OCLCQ  |d YDXCP  |d OCLCQ  |d TEF  |d OCLCF  |d UPM  |d UKDOC  |d E7B  |d OCLCQ  |d UIU  |d OCLCQ  |d COO  |d DEBSZ  |d OCLCQ  |d MERUC  |d OCLCQ  |d OCLCA  |d U3W  |d D6H  |d OCLCQ  |d S2H  |d OCLCO  |d SFB  |d OCLCO  |d OCLCQ  |d OCLCO 
020 |a 9780124114890 
020 |a 012411489X 
020 |z 9780124095076 
020 |z 0124095070 
035 |a (OCoLC)830170160 
050 4 |a QA76.3 .M384 2013 
082 0 4 |a 005.432 
100 1 |a Malin, Cameron H. 
245 1 0 |a Linux Malware Incident Response :  |b an Excerpt from Malware Forensic Field Guide for Linux Systems. 
260 |a Burlington :  |b Elsevier Science,  |c 2013. 
300 |a 1 online resource (135 pages) 
336 |a text  |b txt  |2 rdacontent 
337 |a computer  |b c  |2 rdamedia 
338 |a online resource  |b cr  |2 rdacarrier 
520 |a The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a "toolkit" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a la. 
588 0 |a Print version record. 
504 |a Includes bibliographical references. 
505 0 |a Front Cover; Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data; Copyright Page; Contents; Introduction; How to Use This book; Supplemental Components; Investigative Approach; Methodical Approach; Forensic Soundness; Documentation; Evidence Dynamics; Forensic Analysis in Malware Investigations; Preservation and Examination of Volatile Data; Temporal, Functional, and Relational Analysis; Applying Forensics to Malware; Class Versus Individuating Characteristics; From Malware Analysis to Malware Forensics 
505 8 |a 1 Linux Malware Incident ResponseIntroduction; Local vs. Remote Collection; Investigative Considerations; Volatile Data Collection Methodology; Documenting Collection Steps; Volatile Data Collection Steps; Preservation of Volatile Data; Investigative Considerations; Physical Memory Acquisition on a Live Linux System; Acquiring Physical Memory Locally; Command-Line Utilities; Using dd to Acquire Physical Memory; Using memdump to Acquire Physical Memory; Collecting the /proc/kcore file; GUI-Based Memory Dumping Tools; Using Helix3 Pro to Acquire Physical Memory 
505 8 |a Documenting the Contents of the /proc/meminfo FileInvestigative Considerations; Remote Physical Memory Acquisition; Configuring the Helix3 Pro Image Receiver: Examination System; Configuring Helix3 Pro to Transmit over the Image Receiver: Subject System; Other Methods of Acquiring Physical Memory; Collecting Subject System Details; System Date and Time; System Identifiers; Network Configuration; System Uptime; System Environment; Investigative Consideration; System Status; Identifying Users Logged into the System; Investigative Considerations; Inspect Network Connections and Activity 
505 8 |a Investigative ConsiderationsActive Network Connections; Examine Routing Table; ARP Cache; Collecting Process Information; Process Name and Process Identification; Temporal Context; Memory Usage; Process to Executable Program Mapping: Full System Path to Executable File; Investigative Considerations; Process to User Mapping; Investigative Considerations; Child Processes; Investigative Consideration; Invoked Libraries: Dependencies Loaded by Running Processes; Command-Line Parameters; Preserving Process Memory on a Live Linux System; Investigative Consideration 
505 8 |a Examine Running Processes in Relational Context to System State and ArtifactsVolatile Data in /proc Directory; Correlate Open Ports with Running Processes and Programs; Investigative Consideration; Open Files and Dependencies; Investigative Consideration; Identifying Running Services; Examine Loaded Modules; Investigative Consideration; Collecting the Command History; Identifying Mounted and Shared Drives; Determine Scheduled Tasks; Collecting Clipboard Contents; Nonvolatile Data Collection from a Live Linux System; Forensic Duplication of Storage Media on a Live Linux System 
650 0 |a Computer security. 
650 6 |a Sécurité informatique.  |0 (CaQQLa)201-0061152 
650 7 |a Computer security  |2 fast  |0 (OCoLC)fst00872484 
700 1 |a Casey, Eoghan. 
700 1 |a Aquilina, James M. 
776 0 8 |i Print version:  |a Malin, Cameron H.  |t Linux Malware Incident Response: A Practitioner's Guide to Forensic Collection and Examination of Volatile Data.  |d Burlington : Elsevier Science, ©2013  |z 9780124095076 
856 4 0 |u https://sciencedirect.uam.elogim.com/science/book/9780124095076  |z Texto completo