Malware Analyst’s Cookbook is written by Michael Ligh, Steven Adair, Blake Hartstein, and Matt Richard. It is scheduled for release in September 2010. The nearly 200 recipes (you can think of them as 3-5 page blogs) aim to solve common problems that you’ll encounter while analyzing, reverse-engineering, and investigating malware. The DVD includes full-size color images of all figures in the book, evidence files (memory samples, registry hives, etc.) and about 50 custom tools in C/C++, Python and Perl – many of which we’ll also publish on this website after some time. If you have questions, comments, bug fixes, or tool extensions, feel free to drop us a line at malwarecookbook at gmail dot com.
Here’s a list of the chapters you can expect to find in the book:
1. Anonymizing Your Activities
2. Honeypots
3. Malware Classification
4. Sandboxes and Multi-AV Scanners
5. Domains and IP Addresses
6. Malicious Documents and URLs
7. Malware Labs
8. Automation
9. Dynamic Analysis
10. Malware Forensics
11. Debugging Malware
12. De-Obfuscation
13. Working with DLLs
14. Kernel Debugging
15. Memory Forensics with Volatility
16. Memory Forensics: Code Injection & Extraction
17. Memory Forensics: Rootkits
18. Memory Forensics: Network and Registry

I had the honour to enjoy the book before its official start in November and I really entrust it to everyone who is interested in malware analysis. Especially the included DVD with lots of scripts, sample malware images and videos for each chapter makes it the best book of this type so far.
This book looks great.
I pre-ordered and got my copy a couple days ago. I got started reading it yesterday and am really liking it. I can see I’m going to learn a lot from your work. Thanks!
Ken
I recently purchased this book as an e-book on Kindle. How do I get access to the material that was on the DVD? No information is available in relation to the material on the DVD, even though it is part of the purchase. A link would be great. If you need proof of purchase, please provide an email address. Thanks
Zidane, please send me a message at malwarecookbook at gmail dot com. Neither the publisher nor Amazon has a way to distribute the DVD contents with Kindle purchases, but I can get you the files.
I purchased the iPad Kindle version during lunch and could not stop reading. This book is great. I have just ordered 7 other printed copies for my lab. It will be obligatory reading in my company’s forensic lab.
An excellent book. To fill in knowledge gaps, I decided to read and interact with the book cover to cover. So far I’ve read over 100 pages and skimmed other sections. An excellent book for reference and for learning, featuring new, relevant and cutting-edge techniques and examples. This is not a book looking at threats from a decade ago like some others. This is a book whose time is NOW. In addition, a stellar team of authors makes this book a must-have braindump.
After hanging out at a Borders bookstore this weekend, I decided to glance at the first chapter of this book, “Anonymizing Your Activities”. I have to hand it to Michael, Steve, Blake and Matt. Based on that one chapter, I did not want to stop reading. I can’t wait to play with the tools / images, especially the Python code provided. This book is definitely on my wishlist.
Just ordered this on Kindle, but haven’t had the chance to do more than cruise the contents. Looks great and, based on raves from respected individuals, I am looking forward to digging in!
However, I expected to find a link to an ISO for the DVD. Please tell me there is one. Help us move into the future by supporting e-formats for books. Save some trees and promote the other benefits associated with carrying a library in your backpack!
Dave, Wiley and Amazon are working on a way to distribute DVDs and CDs with Kindle books. In the meantime, as requested of other readers above, please send me an email at malwarecookbook at gmail dot com and I’ll get you the files.
I too have been trying to decide on paper or kindle. Unless you recommend otherwise, I will probably go paper if there’s not an easy way to get the DVD material – I don’t think it’s right that half the purchasers of a book should be bothering the authors for the supplementary materials (even though you probably don’t mind).
My two main issues with the Kindle version are:
1) You have to send us an email for the DVD link – at least until Wiley+Amazon develop another scheme.
2) Some of the code examples wrap in strange places in the Kindle version, due to the size of the Kindle device.
On the other hand, the Kindle version is nice since you can search the whole text for specific terms etc.
I’ve been contemplating buying the Kindle version over the book myself. I’m glad I checked this site first. Is there now an official DVD .iso or are you still providing the files in another way? If it’s a large download I may go dead tree simply because of the download speeds I have with this wireless ISP I’m stuck using for now.
Thanks, looking forward to hearing back from you
Joe
Sorry Joe, missed your comment earlier. The DVD contents are available on Google Code: http://code.google.com/p/malwarecookbook/source/checkout. If your ISP is slow there’s not much I can do, except that since Google Code lets you download files individually, you can just grab small chunks as needed instead of downloading the entire archive at once.
I wish this book used more C/C++ samples instead of Python, as most of the time I am working in C/C++ programming.
I still purchased this book, even though I knew from the Amazon preview page that it contains more Python samples, because I hope to gather other knowledge as well.
I recently purchased the Kindle version. There is no access to the DVD and the email address stated above no longer works. How do ya follow along now??
Is there a new address?
The email address works just fine. It’s malwarecookbook at gmail dot com. But no need to email anymore, as the tools are online here: http://code.google.com/p/malwarecookbook/source/checkout