- Paperback: 912 pages
- Publisher: Wiley; 1 edition (July 28, 2014)
- Language: English
- ISBN-10: 1118825098
- ISBN-13: 978-1118825099
- Product Dimensions: 7.3 x 1.7 x 9.2 inches
- Shipping Weight: 3.2 pounds
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition
From the Back Cover
SOPHISTICATED DISCOVERY AND ANALYSIS FOR THE NEXT WAVE OF DIGITAL ATTACKS
The Art of Memory Forensics, a follow-up to the bestselling Malware Analyst's Cookbook, is a practical guide to the rapidly emerging investigative technique for digital forensics, incident response, and law enforcement. Memory forensics has become a must-have skill for combating the next era of advanced malware, targeted attacks, security breaches, and online crime. As breaches and attacks become more sophisticated, analyzing volatile memory becomes ever more critical to the investigative process. This book provides a comprehensive guide to performing memory forensics for Windows, Linux, and Mac systems, including x64 architectures. Based on the authors' popular training course, coverage includes memory acquisition, rootkits, tracking user activity, and more, plus case studies that illustrate the real-world application of the techniques presented. Bonus materials include industry-applicable exercises, sample memory dumps, and cutting-edge memory forensics software.
Memory forensics is the art of analyzing RAM to solve digital crimes. Conventional incident response often overlooks volatile memory, which contains crucial information that can prove or disprove the system's involvement in a crime; conventional response steps can even destroy that evidence completely. By applying memory forensics techniques, analysts are able to preserve memory-resident artifacts, which often provides a more efficient strategy for investigating modern threats.
In The Art of Memory Forensics, the Volatility Project's team of experts provides functional guidance and practical advice that helps readers to:
- Acquire memory from suspect systems in a forensically sound manner
- Learn best practices for Windows, Linux, and Mac memory forensics
- Discover how volatile memory analysis improves digital investigations
- Delineate the proper investigative steps for detecting stealth malware and advanced threats
- Use free, open source tools to conduct thorough memory forensics investigations
- Generate timelines, track user activity, find hidden artifacts, and more
The companion website provides exercises for each chapter, plus data that can be used to test the various memory analysis techniques in the book. Visit our website at www.wiley.com/go/memoryforensics.
About the Author
Michael Hale-Ligh is author of Malware Analyst's Cookbook, Secretary/Treasurer of Volatility Foundation, and a world-class reverse engineer.
Andrew Case is a Digital Forensics Researcher specializing in memory, disk, and network forensics.
Jamie Levy is a Senior Researcher and Developer, targeting memory, network, and malware forensics analysis.
AAron Walters is founder and lead developer of the Volatility Project, President of the Volatility Foundation, and Chair of Open Memory Forensics Workshop.
Top customer reviews
So, Wiley, get with it! If you are considering buying this, add your vote in comments and Wiley might listen. I'll update this once we get the code, both with quality of the code and where it can be used. Going over the license so far, it is quite generous, much like GNU with an attribution link, although of course more robust beyond teaching (e.g. commercial) if you do get permission. The text itself has wonderful, up to date sploit and software info, patches, etc., but the site, for a book this costly, needs to be completed. I'm not recommending you pass on this because of it, but we won't be getting the full value for our purchase, nor will our students, until the site is completed.
REVIEW UPDATE: SEE MICHAEL'S COMMENT ATTACHED TO THIS REVIEW. Although Amazon's automated system generally removes links, the comment gives complete and up to date online resources for this book, as the publisher's link is incomplete, and will not be updated. The publisher promotion of online evidence samples, code, etc. is not wrong or deceptive, it is just on github rather than the publisher's site as indicated. PLEASE VIEW THE COMMENT AND VISIT THE SITES INDICATED IN THE COMMENT BEFORE LEAVING A NEGATIVE REVIEW-- the resources ARE there, just not where advertised. Also, see Michael's other best seller at: Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code.
If you are price conscious, notice that in addition to the generous web resources in the comment (including open source/ freeware), the book is over 900 pages long, and PACKED with practical, use-it-now reference and learning tools. I've already visited the samples, and they are awesome, especially given that they cover the most frequent o/s permutations. Both Windows and Linux give the exact traces indicated, these authors are the real thing.
It's not a comprehensive handbook like Morse and Feshbach. But the current empirical field of memory forensics is not amenable to the kind of structural analysis that can be taught to graduate level physics students. My reason for not rating it five stars is the lack of a theoretical backbone. This is not a computer science book. This is a book about the Volatility framework with application to the structure and function of computer memory. It is not a book about data structures or processes. It isn't really forensics, which is the presentation of scientific data and analysis in a court of law.
If you buy the book as a practical handbook of memory forensics, as its authors say, "Art"; you will be pleased. It is a "What do I do now that I have downloaded and typed 'python vol.py.'" I don't know of a better book,