Malware Analyst’s Cookbook

Malware Analyst’s Cookbook is written by Michael Ligh, Steven Adair, Blake Hartstein, and Matt Richard. It is scheduled for release in September 2010. The nearly 200 recipes (you can think of them as 3-5 page blog posts) aim to solve common problems that you’ll encounter while analyzing, reverse-engineering, and investigating malware. The DVD includes full-size color images of all figures in the book, evidence files (memory samples, registry hives, etc.) and about 50 custom tools in C/C++, Python and Perl – many of which we’ll also publish on this website after some time. If you have questions, comments, bug fixes, or tool extensions, feel free to drop us a line at malwarecookbook at gmail dot com.


Here’s a list of the chapters you can expect to find in the book:

1. Anonymizing Your Activities
2. Honeypots
3. Malware Classification
4. Sandboxes and Multi-AV Scanners
5. Domains and IP Addresses
6. Malicious Documents and URLs
7. Malware Labs
8. Automation
9. Dynamic Analysis
10. Malware Forensics
11. Debugging Malware
12. De-Obfuscation
13. Working with DLLs
14. Kernel Debugging
15. Memory Forensics with Volatility
16. Memory Forensics: Code Injection & Extraction
17. Memory Forensics: Rootkits
18. Memory Forensics: Network and Registry


17 Responses to Malware Analyst’s Cookbook

  1. I had the honour to enjoy the book before its official start in November and I really entrust it to everyone who is interested in malware analysis. Especially the included DVD with lots of scripts, sample malware images and videos for each chapter makes it the best book of this type so far.

  2. Ken Pryor says:

    I pre-ordered and got my copy a couple of days ago. I got started reading it yesterday and I’m really liking it. I can see I’m going to learn a lot from your work. Thanks!

  3. Zidane says:

    I recently purchased this book as an e-book on Kindle. How do I get access to the material that was on the DVD? No information is available in relation to the material on the DVD even though it is part of the purchase. A link would be great. If you need proof of purchase please provide an email address. Thanks

  4. mhl says:

    Zidane, please send me a message at malwarecookbook at gmail dot com. Neither the publisher nor Amazon has a way to distribute the DVD contents with Kindle purchases, but I can get you the files.

  5. Rafael says:

    I have purchased the iPad Kindle version during the lunch and could not stop reading. This book is great. I have just ordered 7 other printed copies for my lab. It will be obligatory reading in my company’s forensic lab.

  6. Curt Wilson says:

    An excellent book. To fill in knowledge gaps, I decided to read and interact with the book cover to cover. So far I’ve read over 100 pages and skimmed other sections. An excellent book for reference and for learning, featuring new, relevant and cutting-edge techniques and examples. This is not a book looking at threats from a decade ago like some others. This is a book whose time is NOW. In addition, a stellar team of authors makes this book a must-have braindump.

  7. Mburu says:

    After hanging out at a Borders bookstore this weekend, I decided to glance at the first chapter of this book, “Anonymizing Your Activities”. I have to hand it to Michael, Steve, Blake and Matt. Based on that one chapter, I did not want to stop reading. I can’t wait to play with the tools / images, especially the Python code provided. This book is definitely on my wishlist.

  8. Dave Schulhoff says:

    Just ordered this on Kindle, but haven’t had the chance to do more than cruise the contents. Looks great and, based on raves from respected individuals, I am looking forward to digging in!

    However, I expected to find a link to an ISO for the DVD. Please tell me there is one. Help us move into the future by supporting e-formats for books. Save some trees and promote the other benefits associated with carrying a library in your backpack!

  9. mhl says:

    Dave, Wiley and Amazon are working on a way to distribute DVDs and CDs with Kindle books. In the meantime, as requested of other readers above, please send me an email at malwarecookbook at gmail dot com and I’ll get you the files.

    • Colin says:

      I too have been trying to decide on paper or kindle. Unless you recommend otherwise, I will probably go paper if there’s not an easy way to get the DVD material – I don’t think it’s right that half the purchasers of a book should be bothering the authors for the supplementary materials (even though you probably don’t mind).

      • mhl says:

        My two main issues with the kindle version are:

        1) You have to send us an email for the DVD link – at least until Wiley+Amazon develop another scheme.
        2) Some of the code examples wrap in strange places in the kindle version, due to the size of the kindle device.

        On the other hand, the kindle version is nice since you can search the whole text for specific terms etc.

  10. Joe Ryan says:

    I’ve been contemplating buying the Kindle version over the book myself. I’m glad I checked this site first. Is there now an official DVD .iso or are you still providing the files in another way? If it’s a large download I may go dead tree simply because of the download speeds I have with this wireless ISP I’m stuck using for now.

    Thanks, looking forward to hearing back from you.

  11. Ricky Gai says:

    I wish this book used more C/C++ samples instead of Python, as most of the time I am working in C/C++ programming.

    I purchased this book anyway, even though I knew from the Amazon preview page that it contains more Python samples, because I hope to gather other knowledge as well.

  12. Doug says:

    I recently purchased the Kindle version. There is no access to the DVD and the email address stated above no longer works. How do ya follow along now?

    Is there a new address?

  13. mhl says:

    The email address works just fine. It’s malwarecookbook at gmail dot com. But no need to email anymore, as the tools are online here:
