Chapter 1

Malware Incident Response

Volatile Data Collection and Examination on a Live Linux System

Solutions in this chapter:

• Volatile Data Collection Methodology

° Local versus Remote Collection

° Preservation of Volatile Data

° Physical Memory Acquisition

° Collecting Subject System Details

° Identifying Logged-in Users

° Current and Recent Network Connections

° Collecting Process Information

° Correlate Open Ports with Running Processes and Programs

° Identifying Services and Drivers

° Determining Open Files

° Collecting Command History

° Identifying Shares

° Determining Scheduled Tasks

° Collecting Clipboard Contents

• Nonvolatile Data Collection from a Live Linux System

° Forensic Duplication of Storage Media

° Forensic Preservation ...
