The book I read to research this post was Malware Forensics Field Guide for Windows Systems by Eoghan Casey et al., an excellent book which I bought on Kindle. This book looks at the legal aspects, mostly according to American law, and also looks at the technical aspects of dealing with a virus infestation on either a network or a desktop PC. It lists loads of software that can do the various jobs, far too many to list here, and looks at doing the basics with some of this software. Eoghan is a bit of a legend in digital forensics and I have read quite a lot of books by him. There are also quite a lot of posts on different aspects of digital forensics at my computing blog at http://scratbag.me and my technology blog at http://scratbagroberts.com
If your computer is attacked by malware it's best to analyze it in a live state, which means without rebooting it, because a reboot will often destroy evidence. Many professionals use MD5 (Message Digest 5) when copying the hard drive. One problem facing you in this job is that there are various types of memory that all need to be copied. Another problem is what you copy it to; in most cases it will be an external hard drive, due to the enormous amount of data, and copying to writable media like DVD-Rs takes longer. A good program that will copy a network to another network hard drive is EnCase Enterprise.

A lot of malware nowadays contains keyloggers to find things like passwords, something to locate credit card numbers, and an email address for this information to be sent to. One way you can spot malware is to use a packet sniffer like Wireshark: the malware will constantly try to access the internet to send its newfound information.

This book is nearly 1,000 pages, covers every aspect of malware, and I really enjoyed reading it.
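The sniffer check described above turned into a small detector, as an added example that is not from the book or this blog: it reads constructed flow records of the kind you would export from Wireshark's conversation statistics or a firewall log, and flags hosts that contact the same external address at a regular interval, which is what malware reporting back to the internet looks like, while ordinary browsing (bursty, irregular) stays quiet. The record format and the internal network range are assumptions.

```python
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import mean, pstdev

# Constructed sample of outbound flow records, "epoch_seconds src_ip dst_ip dst_port",
# of the kind you would export from Wireshark's conversation statistics or a firewall log.
SAMPLE_FLOWS = """\
1700000000 10.0.0.5 203.0.113.10 443
1700000061 10.0.0.5 203.0.113.10 443
1700000119 10.0.0.5 203.0.113.10 443
1700000180 10.0.0.5 203.0.113.10 443
1700000240 10.0.0.5 203.0.113.10 443
1700000007 10.0.0.5 198.51.100.20 443
1700000301 10.0.0.5 198.51.100.20 443
1700000010 10.0.0.9 198.51.100.30 80
1700000013 10.0.0.9 198.51.100.30 80
1700000200 10.0.0.9 198.51.100.30 80
1700000900 10.0.0.9 198.51.100.30 80
1700000015 10.0.0.7 10.0.0.1 53
1700000075 10.0.0.7 10.0.0.1 53
"""

INTERNAL_NET = ip_network("10.0.0.0/8")  # assumed LAN; anything else is "the internet"


def find_beacons(text, min_hits=4, max_jitter=0.2):
    """Return {(src, dst, port): mean gap in seconds} for outbound conversations
    that recur at a regular interval (coefficient of variation of the gaps
    <= max_jitter). Browsing is bursty and irregular; check-ins are not."""
    by_conversation = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip blank or malformed lines
        ts, src, dst, port = parts
        if ip_address(dst) in INTERNAL_NET:
            continue  # LAN traffic is not a report back to the internet
        by_conversation[(src, dst, int(port))].append(int(ts))

    beacons = {}
    for key, stamps in by_conversation.items():
        if len(stamps) < min_hits:
            continue  # too few samples to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            beacons[key] = avg
    return beacons
```

Calling find_beacons(SAMPLE_FLOWS) flags only 10.0.0.5 talking to 203.0.113.10:443 about every 60 seconds; keep min_hits at three or more, since a single gap is always "perfectly regular".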