Book Review: Malware Analyst’s Cookbook

By Chad Tilbury on November 28, 2011 in Malware, Memory Forensics, Tool Review

A year after release, the Malware Analyst’s Cookbook continues to elicit uniformly high praise from the security community.  It is one of those rare books that only come around once every few years.  The breadth of information covered is staggering, and it makes an excellent reference to return to as your skills develop.  If I could make one recommendation, I would encourage readers to not wait to read the last four chapters of the book.

The last quarter of the book covers memory forensic analysis, and it is the definitive resource currently available on the subject (either online or in print).  If the entire book consisted of just this section, it would be worth the price.  Instruction starts with memory acquisition and nicely covers memory dumps from alternative sources such as virtual machines (VMware Fusion, Parallels, and VirtualBox).  The Volatility memory analysis framework is used exclusively, owing to one of the authors being a primary contributor to the project.  The concepts behind the tools are described in detail, making it easy to port the information to any of the memory analysis suites currently available.  Throughout the text, techniques learned in earlier sections are re-applied to this newest form of forensics.  As an example, YARA malware identification rules are well covered in previous chapters and reappear as a viable method for scanning memory.  Links to prior techniques are well documented and indexed, allowing the book to be read in any order.  An extensive collection of memory dumps is included on the book's DVD, letting readers immediately get their hands dirty with the exercises without needing to create their own samples.  This is a wonderful addition to the book and unfortunately quite rare in books of this genre.

Although I am not a big fan of the cookbook/recipe structure, the content is so good it could be scrawled on napkins and still be engaging.  With the current state of information security, the Malware Analyst’s Cookbook is a must have book for every information security practitioner.

(From my 5-star review on Amazon)
