The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

Name: The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Rating: 5 (5 reviews)

Michael Hale Ligh · Andrew Case · Jamie Levy · AAron Walters

Jul 2014 · John Wiley & Sons

5.0

5 reviews

Ebook

912

Pages

About this ebook

Memory forensics provides cutting edge technology to help investigate digital attacks

Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.

Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:

How volatile memory analysis improves digital investigations
Proper investigative steps for detecting stealth malware and advanced threats
How to use free, open source tools for conducting thorough memory forensics
Ways to acquire memory from suspect systems in a forensically sound manner

The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.

Ratings and reviews

5.0

5 reviews

Nvint Support

September 29, 2014

This is a must read for anyone in incident response, digital forensics, reverse engineer malware, security, any anyone else looking to learn deep operating system internal knowledge and how It works with memory. This is written by the people that have been pioneering research in memory forensics for years and writing the best open source tools to handle any investigation. It dives into the pros and cons for everything ranging from acquisition methods to advanced analysis techniques on Windows, Linux and Mac systems. As many have stated in other reviews is that this book will be open on your desk constantly as a reference for investigations. It even gives the reader a deep insight onto the internals of volatility which will help anyone looking to develop more plugins for the most popular memory forensics tool available. Not only is it almost 900 pages but it has 3x more in referenced material online that they just couldn't fit into the book giving it the best value possible. After reading this book the only way you could learn any more about memory forensics would to be to take their class and get challenged on the concepts presented throughout the book. This is A MUST HAVE!!!

Rob

September 29, 2014

Easily the (next) reference book to come for years. Outstanding material, this book offers an in-depth, in-depth approach to memory analysis. Filled with post-it notes, the amount of information and sheer size of this book put all other books on the shelf to shame.

A Google user

January 6, 2017

Liked

About the author

Michael Hale-Ligh is author of Malware Analyst's Cookbook, Secretary/Treasurer of Volatility Foundation, and a world-class reverse engineer.

Andrew Case is a Digital Forensics Researcher specializing in memory, disk, and network forensics.

Jamie Levy is a Senior Researcher and Developer, targeting memory, network, and malware forensics analysis.

AAron Walters is founder and lead developer of the Volatility Project, President of the Volatility Foundation, and Chair of Open Memory Forensics Workshop.

Reading information

Smartphones and tablets

Install the Google Play Books app for Android and iPad/iPhone. It syncs automatically with your account and allows you to read online or offline wherever you are.

Laptops and computers

You can listen to audiobooks purchased on Google Play using your computer's web browser.

eReaders and other devices

To read on e-ink devices like Kobo eReaders, you'll need to download a file and transfer it to your device. Follow the detailed Help Center instructions to transfer the files to supported eReaders.