Malware Forensics

Abstract

This chapter explores the legal regulatory and discusses some of the requirements or limitations that may govern the access, preservation, collection, and movement of data and digital artifacts uncovered during Malware forensic investigations. Digital investigators, unlike security vendors, researchers, and academics, often wade through a different legal and regulatory landscape when conducting Malware analysis for investigative purposes, particularly where a corporate or individual victim's pursuit of a civil or criminal remedy serves the ultimate end game. The goal provided is assistance in thinking about how best to gather Malware forensic evidence in a way that is reliable, repeatable, and ultimately admissible. Because the legal and regulatory landscape surrounding sound methodologies and best practices is admittedly complicated and often unclear, one should identify and retain appropriate legal counsel and obtain necessary legal advice before conducting any Malware forensic investigation. Framing and re-framing investigative objectives and goals early and often remain the keys to any successful investigation.