Introduction | p. xi
Introduction to Software Forensics | p. 1
Digital Forensic Definitions | p. 2
Software Forensics | p. 4
Objectives and Objects of Software Forensics | p. 5
Identity | p. 6
Other Objects of Study | p. 11
Software Forensic Tools | p. 12
The Process | p. 12
The Products | p. 14
Finally, Already, the Tools | p. 16
Software Forensic Technologies and Practices | p. 18
Content Analysis | p. 18
Noncontent Analysis | p. 19
Legal Considerations | p. 20
Presentation in Court | p. 21
Summary | p. 21
The Players--Hackers, Crackers, Phreaks, and Other Doodz | p. 23
Terminology | p. 24
Types of Blackhats | p. 26
Motivations and Rationales | p. 29
General Characteristics | p. 35
Blackhat Products | p. 37
Other Products | p. 42
Summary | p. 43
Software Code and Analysis Tools | p. 45
The Programming Process | p. 47
The Products | p. 51
The Resulting Objects | p. 52
The Analytical Tools | p. 53
Forensic Tools | p. 63
Summary | p. 64
Advanced Tools | p. 65
Decompilation | p. 65
Desquirr | p. 67
Dcc | p. 68
Boomerang | p. 68
Plagiarism | p. 68
JPlag | p. 69
YAP | p. 70
Other Approaches | p. 71
Summary | p. 76
Law and Ethics--Software Forensics in Court | p. 77
Legal Systems | p. 77
Differences within Common Law | p. 78
Jurisdiction | p. 79
Evidence | p. 80
Types of Evidence | p. 80
Rules of Evidence | p. 81
Providing Expert Testimony | p. 84
Ethics | p. 87
Disclosure | p. 88
Blackhat Motivations as a Defense | p. 89
Summary | p. 90
Computer Virus and Malware Concepts and Background | p. 91
History of Computer Viruses and Worms | p. 91
Malware Definition and Structure | p. 95
Virus Structure | p. 98
Worm Structure | p. 100
Trojan Structure | p. 101
Logic Bomb Structure | p. 103
Remote Access Trojan (RAT) Structure | p. 103
Distributed Denial of Service (DDoS) Structure | p. 104
Detection and Antidetection Techniques | p. 104
Detection Technologies | p. 106
Stealth and Antidetection Measures | p. 111
Summary | p. 112
Programming Cultures and Indicators | p. 113
User Interface | p. 113
Cultural Features and "Help" | p. 116
Functions | p. 120
Programming Style | p. 122
Program Structure | p. 122
Programmer Skill and Objectives | p. 124
Developmental Strictures | p. 126
Technological Change | p. 127
Summary | p. 127
Stylistic Analysis and Linguistic Forensics | p. 129
Biblical Criticism | p. 130
Shakespeare and Other Literature | p. 131
Individual Identification and Authentication | p. 134
Content Analysis | p. 137
Noncontent Analysis | p. 139
The Content/Noncontent Debate | p. 144
Noncontent Metrics as Evidence of Authorship | p. 145
Additional Indicators | p. 146
Summary | p. 146
Authorship Analysis | p. 147
Problems | p. 147
Plagiarism Detection versus Authorship Analysis | p. 148
How Can It Work? | p. 150
Source Code Indicators | p. 150
More General Indicators | p. 151
Is It Reliable? | p. 152
Summary | p. 153
References and Resources | p. 155
Introduction and Background | p. 156
Blackhats | p. 166
Tools | p. 174
Advanced Tools | p. 190
Law and Ethics | p. 190
Viruses and Malware | p. 196
Stylistic Analysis and Linguistic Forensics | p. 201
Software Authorship Analysis | p. 202
Index | p. 205
Table of Contents provided by Ingram. All Rights Reserved.