Software forensics -- analyzing program code to track, identify, and prosecute computer virus perpetrators -- has emerged as one of the most promising and technically challenging aspects of information management and security.
This is a technical tutorial that thoroughly examines the programming tools, investigative and analysis methods, and legal implications of the complex evidence chain. Also included are eye-opening case studies, including the famous Enron case, and sample code from real criminal investigations.
Written by a security consultant whose clients include the Canadian Government, Software Forensics covers:
* Basic concepts
* Hackers, crackers, and phreaks
* Objects of analysis: text strings, source code, machine code
* User interfaces and commands
* Program structures and versions
* Virus families
* Function indicators
* Stylistic analysis
* and much more
There is no better or faster way for programmers, security analysts and consultants, security officers in the enterprise, application developers, lawyers, judges, and anyone else interested in software forensics to get up to speed on forensic programming tools and methods and the nature of cyber evidence.