The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

· John Wiley & Sons
5 reviews

About this ebook

Memory forensics provides cutting-edge technology to help investigate digital attacks

Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the bestseller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics, now the most sought-after skill in the digital forensics and incident response fields.

Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five-day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:

  • How volatile memory analysis improves digital investigations
  • Proper investigative steps for detecting stealth malware and advanced threats
  • How to use free, open source tools for conducting thorough memory forensics
  • Ways to acquire memory from suspect systems in a forensically sound manner

The next era of malware and security breaches is more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32- and 64-bit editions.

Ratings and reviews

September 29, 2014
Easily the (next) reference book to come for years. Outstanding material, this book offers an in-depth approach to memory analysis. Filled with post-it notes, the amount of information and sheer size of this book put all other books on the shelf to shame.
Nvint Support
September 29, 2014
This is a must-read for anyone in incident response, digital forensics, reverse engineering malware, security, and anyone else looking to learn deep operating system internal knowledge and how it works with memory. This is written by the people that have been pioneering research in memory forensics for years and writing the best open source tools to handle any investigation. It dives into the pros and cons for everything ranging from acquisition methods to advanced analysis techniques on Windows, Linux and Mac systems. As many have stated in other reviews, this book will be open on your desk constantly as a reference for investigations. It even gives the reader a deep insight into the internals of Volatility which will help anyone looking to develop more plugins for the most popular memory forensics tool available. Not only is it almost 900 pages but it has 3x more in referenced material online that they just couldn't fit into the book, giving it the best value possible. After reading this book the only way you could learn any more about memory forensics would be to take their class and get challenged on the concepts presented throughout the book. This is A MUST HAVE!!!
A Google user

About the author

Michael Hale Ligh is author of Malware Analyst's Cookbook, Secretary/Treasurer of the Volatility Foundation, and a world-class reverse engineer.

Andrew Case is a Digital Forensics Researcher specializing in memory, disk, and network forensics.

Jamie Levy is a Senior Researcher and Developer, targeting memory, network, and malware forensics analysis.

AAron Walters is founder and lead developer of the Volatility Project, President of the Volatility Foundation, and Chair of Open Memory Forensics Workshop.
