Malware Forensics Field Guide for Windows Systems: Digital Forensics Field Guides

Posted on by Ben Rothke

Wikipedia defines a field guide as a book designed to help the reader identify wildlife (plants or animals) or other objects of natural occurrence (e.g. minerals). It is generally designed to be brought into the 'field' or local area where such objects exist to help distinguish between similar objects.

If you change wildlife to Malware Forensics, then you have the Malware Forensics Field Guide for Windows Systems which is a handy reference to deal with malware forensics.

The book has scores of tasks lists and checklists on all aspects of malware forensics, from collections, evidence, profiling, memory to malware analysis and a lot more.  For anyone involved with malware analysis, the book is likely to be a blessing given its innumerable worksheets, technical details, and lists of the entire minutia many technicians forget about in the heat of analysis.

One of the co-authors is Eoghan Casey, whose book Digital Evidence and Computer Crime(reviewed here) is the definitive tome on the topic. The other two co-authors are Cameron Malin, a special agent with the FBI and James Aquilina, Deputy General Counsel of Stroz Friedberg.  The 3 authors bring complementary expertise to the book which is manifest in every chapter.

The book is not meant as an introductory text, rather as a reference for experienced professionals.  For such a reader, they will likely find the Malware Forensics Field Guide for Windows Systems  to be an invaluable reference.

Ben Rothke

Senior Information Security Manager, Tapad

data security forensics & e-discovery anti-malware

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs