Malware Forensics Field Guide for Windows Systems

Cameron Malin et al.

8 out of 10

As suggested by the title, the authors make no pretension to teach the basics of digital forensics or to provide in-depth explanations.

Instead, this book acts as a reference for professionals involved specifically in malware forensics and aims to provide a handy checklist of procedures and suitable software.

The book carries out this aim very thoroughly and covers everything a professional practitioner is likely to need in any normal working situation. The size, although possibly not the weight, is suitable for a field guide and the content is divided into logical categories.

A huge range of subjects is covered in a concise fashion by concentrating on the important details and avoiding any background information.

Amongst the features most useful to a professional reader carrying out an investigation are the analyses and descriptions of available tools, the checklists for each situation and the sample forms to be used during the gathering of evidence.

As in most fields of information security, a good book is very useful but needs to be supplemented by the web to keep pace with new developments. Fortunately, the authors have provided a website with updates to attempt to counter the risk of the content becoming obsolete.

Unfortunately, as with other books of this nature published in the USA, the chapter that covers legal considerations is presumably very useful to American readers but largely redundant for readers working in other countries. As a result, British readers may find a need for additional training or information to supplement the book.

Overall, the book gives a very thorough set of guidelines and checklists for professionals in the field. It should provide information for almost all circumstances encountered when working, and should be particularly useful to anyone finding themselves without internet access while on a forensics job.

As mentioned earlier, this is not a book for the beginner and should be supplemented by other materials if the reader has limited experience.

August 2012