Chapter 2

Linux Memory Forensics

Analyzing Physical and Process Memory Dumps for Malware Artifacts

Solutions in this Chapter:

• Memory Forensics Overview

• Old School Memory Analysis

• How Linux Memory Forensics Tools Work

• Linux Memory Forensics Tools

• Interpreting Various Data Structures in Linux Memory

• Dumping Linux Process Memory

• Analyzing Linux Process Memory

Introduction

The importance of memory forensics in malware investigations cannot be overstated. A complete capture of physical memory on a compromised computer generally bypasses the techniques malware uses to deceive the operating system (for example, hiding processes, modules or network connections from standard system tools), giving digital investigators a more comprehensive view of the malware than live-system tools alone can provide. In some cases, malware leaves little trace elsewhere on the compromised ...

Excerpt from Malware Forensics Field Guide for Linux Systems.