Software forensics -- analyzing program code to track, identify, and prosecute computer virus perpetrators -- has emerged as one of the most promising and technically challenging aspects of information management and security. This is a technical tutorial that thoroughly examines the programming tools, investigative and analysis methods, and legal implications of the complex evidence chain. Also included are eye-opening case studies, including the famous Enron case, and sample code from real criminal investigations. Written by a security consultant whose clients include the Canadian Government, Software Forensics covers: * Basic concepts * Hackers, crackers, and phreaks * Objects of analysis: text strings, source code, machine code * User interfaces and commands * Program structures and versions * Virus families * Function indicators * Stylistic analysis * and much more There is no better or faster way for programmers, security analysts and consultants, security officers in the enterprise, application developers, lawyers, judges, and anyone else interested in software forensics to get up to speed on forensic programming tools and methods and the nature of cyber evidence.

Robert M. Slade has been a security consultant since 1987, working for some of the best-known Fortune 500 companies, and the government of Canada. The author of Robert Slade's Guide to Computer Viruses, and co-author of Viruses Revealed, he also teaches. He has prepared curricula and taught courses for Simon Fraser University, MacDonald Dettwiler and Associates, Ltd., and the University of Phoenix, among others. He is a CISSP (Certified Information Systems Security Practitioner) trainer and a specialist in malware.

Introduction

xi

1 Introduction to Software Forensics

1

(22)

Digital Forensic Definitions

2

(3)

Software Forensics

4

(1)

Objectives and Objects of Software Forensics

5

(6)

Identity

6

(5)

Other Objects of Study

11

(1)

Software Forensic Tools

12

(6)

The Process

12

(2)

The Products

14

(2)

Finally, Already, the Tools

16

(2)

Software Forensic Technologies and Practices

18

(2)

Content Analysis

18

(1)

Noncontent Analysis

19

(1)

Legal Considerations

20

(1)

Presentation in Court

21

(1)

Summary

21

(2)

2 The Players-Hackers, Crackers, Phreaks, and Other Doodz

23

(22)

Terminology

24

(19)

Types of Blackhats

26

(3)

Motivations and Rationales

29

(6)

General Characteristics

35

(2)

Blackhat Products

37

(5)

Other Products

42

(1)

Summary

43

(2)

3 Software Code and Analysis Tools

45

(20)

The Programming Process

47

(4)

The Products

51

(1)

The Resulting Objects

52

(1)

The Analytical Tools

53

(11)

Forensic Tools

63

(1)

Summary

64

(1)

4 Advanced Tools

65

(12)

Recompilation

65

(3)

Desquirr

67

(1)

Dcc

68

(1)

Boomerang

68

(1)

Plagiarism

68

(2)

JPlag

69

(1)

YAP

70

(6)

Other Approaches

71

(5)

Summary

76

(1)

5 Law and Ethics-Software Forensics in Court

77

(14)

Legal Systems

77

(3)

Differences within Common Law

78

(1)

Jurisdiction

79

(1)

Evidence

80

(7)

Types of Evidence

80

(1)

Rules of Evidence

81

(3)

Providing Expert Testimony

84

(3)

Ethics

87

(3)

Disclosure

88

(1)

Blackhat Motivations as a Defense

89

(1)

Summary

90

(1)

6 Computer Virus and Malware Concepts and Background

91

(22)

History of Computer Viruses and Worms

91

(4)

Maiware Definition and Structure

95

(9)

Virus Structure

98

(2)

Worm Structure

100

(1)

Trojan Structure

101

(2)

Logic Bomb Structure

103

(1)

Remote Access Trojan (RAT) Structure

103

(1)

Distributed Denial of Service (DDOS) Structure

104

(1)

Detection and Antidetection Techniques

104

(8)

Detection Technologies

106

(5)

Stealth and Antidetection Measures

111

(1)

Summary

112

(1)

7 Programming Cultures and Indicators

113

(16)

User Interface

113

(3)

Cultural Features and "Help"

116

(4)

Functions

120

(2)

Programming Style

122

(5)

Program Structure

122

(2)

Programmer Skill and Objectives

124

(2)

Developmental Strictures

126

(1)

Technological Change

127

(1)

Summary

127

(2)

8 Stylistic Analysis and Linguistic Forensics

129

(18)

Biblical Criticism

130

(1)

Shakespeare and Other Literature

131

(3)

Individual Identification and Authentication

134

(12)

Content Analysis

137

(2)

Noncontent Analysis

139

(5)

The Content/Noncontent Debate

144

(1)

Noncontent Metrics as Evidence of Authorship

145

(1)

Additional Indicators

146

(1)

Summary

146

(1)

9 Authorship Analysis

147

(8)

Problems

147

(3)

Plagiarism Detection versus Authorship Analysis

148

(2)

How Can It Work?

150

(2)

Source Code Indicators

150

(1)

More General Indicators

151

(1)

Is It Reliable?

152

(1)

Summary

153

(2)

References and Resources

155

(50)

Introduction and Background

156

(10)

Blackhats

166

(8)

Tools

174

(16)

Advanced Tools

190

(1)

Law and Ethics

190

(6)

Viruses and Malware

196

(5)

Stylistic Analysis and Linguistic Forensics

201

(1)

Software Authorship Analysis

202

(3)

Index

205

What is included with this book?

The New copy of this book will include any supplemental materials advertised. Please check the title of the book to determine if it should include any access cards, study guides, lab manuals, CDs, etc.

The Used, Rental and eBook copies of this book are not guaranteed to include any supplemental materials. Typically, only the book itself is included. This is true even if the title states it includes any access cards, study guides, lab manuals, CDs, etc.

Amazon no longer offers textbook rentals. We do!

Amazon no longer offers textbook rentals. We do!

We're the #1 textbook rental company. Let us show you why.

Software Forensics

9780071428040

0071428046

Supplemental Materials

Summary

Author Biography

Table of Contents

Supplemental Materials

Rewards Program