Malware Forensics: Investigating and Analyzing Malicious Code

Title: Malware Forensics: Investigating and Analyzing Malicious Code

Authors: James M. Aquilina, Eoghan Casey, Cameron H. Malin

Publisher: Syngress

Reviewer: Tony Campbell

It has seemed for some time to me that the publisher, Syngress, has the Digital Forensics book market almost exclusively to itself. After reading Malware Forensics, my mind had not been changed one iota. This book, although published in June 2008, is by far the most comprehensive introduction to the inner workings of malware that I’ve come across. Understanding malware is a really complicated subject, for sure, covering a broad spectrum of illicit software types, but there is no doubt that the combined efforts of James Aquilina, Eoghan Casey, and Cameron Malin deliver a fantastic result. Quite often I personally struggle with reading heavyweight textbooks cover to cover, and these books often end up on my bookshelf as unread references, just in case I need them in the future. However, I did read this one, cover to cover, and have come out the other side of that experience a better man. The authors go into the low-level details of both Windows and Linux malware and decompose the inner workings of each type of illicit software to a fundamental degree of understanding that is consumable by programmers and non-programmers (like me). Another great feature of this book is that the authors do not hold back on their use of Windows and Linux tools, taking the reader through the processes involved in analyzing real examples of malware in both operating system environments. I would recommend this book to anyone who has an interest in understanding malware, and certainly recommend it to anyone who needs to understand the context of malware in computer forensics. It is very apparent from the style of delivery, and especially after re-reading the introductory section on the context of forensics, that the authors are very focused on the evidentiary weight of their malware analysis.

I applaud them for these efforts and highly recommend this book not just for malware geeks, but as really important reading for anyone trying to understand the nature of malicious code and how it can adversely affect your forensic investigation. At 592 pages, this book is a true heavyweight contender and is truly the best value for money I’ve found on this subject. Well done, Syngress, and well done, authors, for winning Best Book Bejtlich Read in 2008.