Book description
Memory forensics provides cutting edge technology to help investigate digital attacks
Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.
Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:
How volatile memory analysis improves digital investigations
Proper investigative steps for detecting stealth malware and advanced threats
How to use free, open source tools for conducting thorough memory forensics
Ways to acquire memory from suspect systems in a forensically sound manner
The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.
Table of contents
- Introduction
- Part I: An Introduction to Memory Forensics
-
Part II: Windows Memory Forensics
- Chapter 5: Windows Objects and Pool Allocations
- Chapter 6: Processes, Handles, and Tokens
- Chapter 7: Process Memory Internals
- Chapter 8: Hunting Malware in Process Memory
- Chapter 9: Event Logs
- Chapter 10: Registry in Memory
- Chapter 11: Networking
- Chapter 12: Windows Services
- Chapter 13: Kernel Forensics and Rootkits
- Chapter 14: Windows GUI Subsystem, Part I
- Chapter 15: Windows GUI Subsystem, Part II
- Chapter 16: Disk Artifacts in Memory
- Chapter 17: Event Reconstruction
- Chapter 18: Timelining
-
Part III: Linux Memory Forensics
- Chapter 19: Linux Memory Acquisition
- Chapter 20: Linux Operating System
- Chapter 21: Processes and Process Memory
- Chapter 22: Networking Artifacts
- Chapter 23: Kernel Memory Artifacts
- Chapter 24: File Systems in Memory
- Chapter 25: Userland Rootkits
- Chapter 26: Kernel Mode Rootkits
- Chapter 27: Case Study: Phalanx2
- Part IV: Mac Memory Forensics
- Titlepage
- Copyright
- Dedication
- About the Authors
- About the Technical Editors
- Acknowledgments
- Credits
- End-User License Agreement
Product information
- Title: The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
- Author(s):
- Release date: July 2014
- Publisher(s): Wiley
- ISBN: 9781118825099
You might also like
book
Learn Computer Forensics - Second Edition
Learn Computer Forensics from a veteran investigator and technical trainer and explore how to properly document …
book
Linux Basics for Hackers
If you’re getting started along the exciting path of hacking, cybersecurity, and pentesting, Linux Basics for …
book
Hands-on Booting: Learn the Boot Process of Linux, Windows, and Unix
Master the booting procedure of various operating systems with in-depth analysis of bootloaders and firmware. The …
book
Mastering Linux Security and Hardening - Second Edition
A comprehensive guide to securing your Linux system against cyberattacks and intruders Key Features Deliver a …