Malware Forensics Field Guide for Windows Systems by James M. Aquilina, Eoghan Casey, Cameron H. Malin

Chapter 2

Memory Forensics

Analyzing Physical and Process Memory Dumps for Malware Artifacts

Solutions in this chapter:

• Memory Forensics Overview

• Old School Memory Analysis

• How Windows Memory Forensic Tools Work

• Windows Memory Forensic Tools

• Dumping Windows Process Memory

• Dissecting Windows Process Memory

Introduction

The importance of memory forensics in malware investigations cannot be overstated. A complete capture of memory on a compromised computer generally bypasses the methods that malware uses to trick operating systems, providing digital investigators with a more comprehensive view of the malware. In some cases, malware leaves little trace elsewhere on the compromised system and the only clear indications of compromise ...