The Rootkit Arsenal Escape and Evasion in the Dark Corners of the System by Bill Blunden

January 27, 2010 | Books

OK, I wouldn’t normally promote a book unless it blew my mind in half. So far, this book written by Bill Blunden has. It is primarily focused on rootkits, every aspect of a rootkit in fact. What I thought was really great was Blunden’s entire section on anti-forensics and computer forensics where acquisition methods, examination methods and other techniques are explained in detail. This can give you a better idea of what some forensic examiners might do and how to counter those methods they will likely employ.

This book comes in at just over 900 pages making it weigh about 300lbs. This means the book itself works great as an anti-forensics tool. You can smash flash drives, optical media, hard drives and even federal agents with this thing.

Each topic in this book is covered in depth and is full of detailed information. With a bit of coding knowledge you could create your own rootkit, bot or trojan and fully equip it with anti-forensic techniques which will make any examination costly or help hide or disguise the software from the eyes of an examiner and their reliance on automated tools.

Now you can go through a good 500 pages of the book on Google books which is what I did at first: Link

If you can’t get enough and need the physical copy, then I do recommend dropping some bones on this one. You just need time to read it. If you’re like me, working after work between sessions of more work, then you’ll need to schedule yourself an hour a day to get into this book. Perhaps longer if you’re implementing some of the methods.

From a quick Google of Bill Blunden’s name it looks like he may be speaking at CEIC 2010. Please comment if you’ve read this book or have gone through bits of it, I’d like to see what others think as well.


4 Comments


  1. Thanks I bookmarked the google book page

  2. Thanks for the link and the book review. It looks very interesting and one I think I will pick up.

    • It really is a great book Jeff. The one thing I must warn you about though is it does delve fairly deep into assembly language. Now, if you have no desire to learn assembly or code your own rootkit from examples in the book, it’s still an extremely awesome read.

      You will understand what rootkits and other malware are capable of and have a fairly good idea of many of the methods used to make malware undetectable or hidden.

      If you order it, let us know what you think.

  3. Well, there goes my free time this weekend. Great recommendation, thanks for the Google Books link.
