- Machine generated contents note:
  - 1. Linux Malware Incident Response
    - Introduction
    - Local vs. Remote Collection
    - Volatile Data Collection Methodology
    - Documenting Collection Steps
    - Volatile Data Collection Steps
    - Preservation of Volatile Data
    - Physical Memory Acquisition on a Live Linux System
    - Acquiring Physical Memory Locally
    - Documenting the Contents of the /proc/meminfo File
    - Remote Physical Memory Acquisition
    - Other Methods of Acquiring Physical Memory
    - Collecting Subject System Details
    - Identifying Users Logged into the System
    - Inspect Network Connections and Activity
    - Active Network Connections
    - Collecting Process Information
    - Process Name and Process Identification
    - Process to Executable Program Mapping: Full System Path to Executable File
    - Invoked Libraries: Dependencies Loaded by Running Processes
    - Preserving Process Memory on a Live Linux System
    - Examine Running Processes in Relational Context to System State and Artifacts
    - Volatile Data in /proc Directory
    - Correlate Open Ports with Running Processes and Programs
    - Open Files and Dependencies
    - Identifying Running Services
    - Examine Loaded Modules
    - Collecting the Command History
    - Identifying Mounted and Shared Drives
    - Determine Scheduled Tasks
    - Collecting Clipboard Contents
    - Nonvolatile Data Collection from a Live Linux System
    - Forensic Duplication of Storage Media on a Live Linux System
    - Remote Acquisition of Storage Media on a Live Linux System
    - Forensic Preservation of Select Data on a Live Linux System
    - Assess Security Configuration
    - Assess Trusted Host Relationships
    - Collect Login and System Logs
- The Syngress Digital Forensics Field Guides series includes companions for any digital and computer forensic investigator and analyst. Each book is a "toolkit" with checklists for specific tasks, case studies of difficult situations, and expert analyst tips. This compendium of tools for computer forensics analysts and investigators is presented in a succinct outline format with cross-references to supplemental appendices. It is designed to provide the digital investigator with clear and concise guidance in an easily accessible format for responding to an incident or conducting analysis in a la.
- AVAILABLE ONLINE TO AUTHORIZED PSU USERS.
- catkey: 11930221