Software forensics - analyzing program code to track, identify, and prosecute computer virus perpetrators - has emerged as one of the most promising and technically challenging aspects of information management and security. This is a technical tutorial that thoroughly examines the programming tools, investigative and analysis methods, and legal implications of the complex evidence chain. Also included are eye-opening case studies, including the famous Enron case, and sample code from real criminal investigations. Written by a security consultant whose clients include the Canadian Government, Software Forensics covers: basic concepts; hackers, crackers, and phreaks; objects of analysis: text strings, source code, machine code; user interfaces and commands; program structures and versions; virus families; function indicators; stylistic analysis; and much more. There is no better or faster way for programmers, security analysts and consultants, security officers in the enterprise, application developers, lawyers, judges, and anyone else interested in software forensics to get up to speed on forensic programming tools and methods and the nature of cyber evidence.
Robert M. Slade has been a security consultant since 1987, working for some of the best-known Fortune 500 companies, and the government of Canada. The author of Robert Slade's Guide to Computer Viruses, and co-author of Viruses Revealed, he also teaches. He has prepared curricula and taught courses for Simon Fraser University, MacDonald Dettwiler and Associates, Ltd., and the University of Phoenix, among others. He is a CISSP (Certified Information Systems Security Practitioner) trainer and a specialist in malware.