Buy new:
-19% $55.99
FREE delivery Tuesday, July 23
Ships from: Amazon.com
Sold by: Amazon.com
$55.99 with 19 percent savings
List Price: $69.00

The List Price is the suggested retail price of a new product as provided by a manufacturer, supplier, or seller. Except for books, Amazon will display a List Price if the product was purchased by customers on Amazon or offered by other retailers at or above the List Price in at least the past 90 days. List prices may not necessarily reflect the product's prevailing market price.
Learn more
FREE Returns
FREE delivery Tuesday, July 23. Order within 10 hrs 57 mins
Only 19 left in stock (more on the way).
$$55.99 () Includes selected options. Includes initial monthly payment and selected options. Details
Price
Subtotal
$$55.99
Subtotal
Initial payment breakdown
Shipping cost, delivery date, and order total (including tax) shown at checkout.
Ships from
Amazon.com
Ships from
Amazon.com
Sold by
Amazon.com
Sold by
Amazon.com
Returns
Eligible for Return, Refund or Replacement within 30 days of receipt
Eligible for Return, Refund or Replacement within 30 days of receipt
This item can be returned in its original condition for a full refund or replacement within 30 days of receipt.
Read full return policy
Returns
Eligible for Return, Refund or Replacement within 30 days of receipt
This item can be returned in its original condition for a full refund or replacement within 30 days of receipt.
Read full return policy
Payment
Secure transaction
Your transaction is secure
We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more
Payment
Secure transaction
We work hard to protect your security and privacy. Our payment security system encrypts your information during transmission. We don’t share your credit card details with third-party sellers, and we don’t sell your information to others. Learn more
Support
Product support included
What's Product Support?
In the event your product doesn't work as expected or you need help using it, Amazon offers free product support options such as live phone/chat with an Amazon associate, manufacturer contact information, step-by-step troubleshooting guides, and help videos. By solving product issues, we help the planet by extending the life of products. Availability of support options differ by product and country. Learn more
Support
Product support included
In the event your product doesn't work as expected or you need help using it, Amazon offers free product support options such as live phone/chat with an Amazon associate, manufacturer contact information, step-by-step troubleshooting guides, and help videos. By solving product issues, we help the planet by extending the life of products. Availability of support options differ by product and country. Learn more
$40.99
FREE Returns
This item has light wear, is in very good condition and works perfectly! Your satisfaction is guaranteed! This item has light wear, is in very good condition and works perfectly! Your satisfaction is guaranteed! See less
FREE delivery Wednesday, July 24. Order within 10 hrs 57 mins
Only 1 left in stock - order soon.
$$55.99 () Includes selected options. Includes initial monthly payment and selected options. Details
Price
Subtotal
$$55.99
Subtotal
Initial payment breakdown
Shipping cost, delivery date, and order total (including tax) shown at checkout.
Access codes and supplements are not guaranteed with used items.
Kindle app logo image

Download the free Kindle app and start reading Kindle books instantly on your smartphone, tablet, or computer - no Kindle device required.

Read instantly on your browser with Kindle for Web.

Using your mobile phone camera - scan the code below and download the Kindle app.

QR code to download the Kindle App

Follow the authors

See all
Michael Ligh
Follow
Andrew Case
Follow
Something went wrong. Please try your request again later.

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition

by Michael Hale Ligh (Author), Andrew Case (Author), Jamie Levy (Author),
4.7 4.7 out of 5 stars 207 ratings
See all formats and editions
{"desktop_buybox_group_1":[{"displayPrice":"$55.99","priceAmount":55.99,"currencySymbol":"$","integerValue":"55","decimalSeparator":".","fractionalValue":"99","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"o4Yq4PdWebv%2FTS%2BYz9p5F3AqOAucvmgZK2cZOmlQ43UVBw63NfUtw%2Bjjf%2BoYUFjfIOIdpQZ6C1RVbvx6s0HKqw8UQt4ovvCuj00sP3eDa1pBZcSIeOFeEmwkXleEhlxm1NXXd1Dn2IY3haq8FTgPEw%3D%3D","locale":"en-US","buyingOptionType":"NEW","aapiBuyingOptionIndex":0}, {"displayPrice":"$40.99","priceAmount":40.99,"currencySymbol":"$","integerValue":"40","decimalSeparator":".","fractionalValue":"99","symbolPosition":"left","hasSpace":false,"showFractionalPartIfEmpty":true,"offerListingId":"o4Yq4PdWebv%2FTS%2BYz9p5F3AqOAucvmgZO41%2BKSUHJgIC%2BK8AUCdVqGBMEJ%2BAFDu8LyrHXHmZ9TcsQjNRVJXFP%2FVwmmpbvpOepsdmMZcLZem%2F%2Bzdwc6Eh%2FvvHuQK0OzbKe5D9hFtb%2FdZF%2BxUdMXe%2BQrnMqmB7LNlEB5T%2BUQuMHrlWPJz1cZTZ2g%3D%3D","locale":"en-US","buyingOptionType":"USED","aapiBuyingOptionIndex":1}]}

Purchase options and add-ons

Memory forensics provides cutting edge technology to help investigate digital attacks

Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst's Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics―now the most sought after skill in the digital forensics and incident response fields.

Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:

  • How volatile memory analysis improves digital investigations
  • Proper investigative steps for detecting stealth malware and advanced threats
  • How to use free, open source tools for conducting thorough memory forensics
  • Ways to acquire memory from suspect systems in a forensically sound manner

The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.

Previous slide of product details
  1. ISBN-10
    1118825098
  2. ISBN-13
    978-1118825099
  3. Edition
    1st
  4. Publisher
    Wiley
  5. Publication date
    July 28, 2014
  6. Language
    English
  7. Dimensions
    7.3 x 1.9 x 9.2 inches
  8. Print length
    912 pages
  9. See all details
Next slide of product details
Amazon First Reads | Editors' picks at exclusive prices

Frequently bought together

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
$55.99
Get it as soon as Tuesday, Jul 23
Only 19 left in stock (more on the way).
Ships from and sold by Amazon.com.
+
Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software
$41.30
Get it as soon as Wednesday, Jul 24
In Stock
Ships from and sold by Amazon.com.
+
Practical Reverse Engineering: x86, x64, ARM, Windows Kernel, Reversing Tools, and Obfuscation
$34.80
Get it as soon as Wednesday, Jul 24
Only 20 left in stock (more on the way).
Ships from and sold by Amazon.com.
Total price:
To see our price, add these items to your cart.
Details
Added to Cart
spCSRF_Control
Some of these items ship sooner than the others.
Show details Hide details
Choose items to buy together.

Editorial Reviews

From the Inside Flap

SOPHISTICATED DISCOVERY AND ANALYSIS FOR THE NEXT WAVE OF DIGITAL ATTACKS

The Art of Memory Forensics, a follow-up to the bestselling Malware Analyst’s Cookbook, is a practical guide to the rapidly emerging investigative technique for digital forensics, incident response, and law enforcement. Memory forensics has become a must-have skill for combating the next era of advanced malware, targeted attacks, security breaches, and online crime. As breaches and attacks become more sophisticated, analyzing volatile memory becomes ever more critical to the investigative process. This book provides a comprehensive guide to performing memory forensics for Windows, Linux, and Mac systems, including x64 architectures. Based on the authors’ popular training course, coverage includes memory acquisition, rootkits, tracking user activity, and more, plus case studies that illustrate the real-world application of the techniques presented. Bonus materials include industry-applicable exercises, sample memory dumps, and cutting-edge memory forensics software.

Memory forensics is the art of analyzing RAM to solve digital crimes. Conventional incident response often overlooks volatile memory, which contains crucial information that can prove or disprove the system’s involvement in a crime, and can even destroy it completely. By implementing memory forensics techniques, analysts are able to preserve memory resident artifacts which often provides a more efficient strategy for investigating modern threats.

In The Art of Memory Forensics, the Volatility Project’s team of experts provides functional guidance and practical advice that helps readers to:

  • Acquire memory from suspect systems in a forensically sound manner
  • Learn best practices for Windows, Linux, and Mac memory forensics
  • Discover how volatile memory analysis improves digital investigations
  • Delineate the proper investigative steps for detecting stealth malware and advanced threats
  • Use free, open source tools to conduct thorough memory forensics investigations
  • Generate timelines, track user activity, find hidden artifacts, and more

The companion website provides exercises for each chapter, plus data that can be used to test the various memory analysis techniques in the book. Visit our website at www.wiley.com/go/memoryforensics.

From the Back Cover

SOPHISTICATED DISCOVERY AND ANALYSIS FOR THE NEXT WAVE OF DIGITAL ATTACKS

The Art of Memory Forensics, a follow-up to the bestselling Malware Analyst’s Cookbook, is a practical guide to the rapidly emerging investigative technique for digital forensics, incident response, and law enforcement. Memory forensics has become a must-have skill for combating the next era of advanced malware, targeted attacks, security breaches, and online crime. As breaches and attacks become more sophisticated, analyzing volatile memory becomes ever more critical to the investigative process. This book provides a comprehensive guide to performing memory forensics for Windows, Linux, and Mac systems, including x64 architectures. Based on the authors’ popular training course, coverage includes memory acquisition, rootkits, tracking user activity, and more, plus case studies that illustrate the real-world application of the techniques presented. Bonus materials include industry-applicable exercises, sample memory dumps, and cutting-edge memory forensics software.

Memory forensics is the art of analyzing RAM to solve digital crimes. Conventional incident response often overlooks volatile memory, which contains crucial information that can prove or disprove the system’s involvement in a crime, and can even destroy it completely. By implementing memory forensics techniques, analysts are able to preserve memory resident artifacts which often provides a more efficient strategy for investigating modern threats.

In The Art of Memory Forensics, the Volatility Project’s team of experts provides functional guidance and practical advice that helps readers to:

  • Acquire memory from suspect systems in a forensically sound manner
  • Learn best practices for Windows, Linux, and Mac memory forensics
  • Discover how volatile memory analysis improves digital investigations
  • Delineate the proper investigative steps for detecting stealth malware and advanced threats
  • Use free, open source tools to conduct thorough memory forensics investigations
  • Generate timelines, track user activity, find hidden artifacts, and more

The companion website provides exercises for each chapter, plus data that can be used to test the various memory analysis techniques in the book. Visit our website at www.wiley.com/go/memoryforensics.

Product details

  • Publisher ‏ : ‎ Wiley; 1st edition (July 28, 2014)
  • Language ‏ : ‎ English
  • Paperback ‏ : ‎ 912 pages
  • ISBN-10 ‏ : ‎ 1118825098
  • ISBN-13 ‏ : ‎ 978-1118825099
  • Item Weight ‏ : ‎ 3.65 pounds
  • Dimensions ‏ : ‎ 7.3 x 1.9 x 9.2 inches
  • Customer Reviews:
    4.7 4.7 out of 5 stars 207 ratings

About the authors

Follow authors to get new release updates, plus improved recommendations.
Previous page
  1. Jamie Levy

    Jamie Levy

    Brief content visible, double tap to read full content.
    Full content visible, double tap to read brief content.

    Jamie Levy is a senior researcher and developer with the Volatility Foundation. She worked on various R&D projects and forensic cases while previously working at Guidance Software, Inc. Jamie has taught classes in Computer Forensics and Computer Science at Queens College (CUNY) and John Jay College (CUNY). She has an MS in Forensic Computing from John Jay College and is an avid contributor to the open source Computer Forensics community. She is an active developer on the Volatility Framework. Jamie has authored peer-reviewed conference publications and presented at conferences (OMFW, CEIC, IEEE ICC) on the topics of memory, network, and malware forensics analysis. Websites: http://gleeda.blogspot.com.

    See more on the author's page
  2. Andrew Case

    Andrew Case

    Brief content visible, double tap to read full content.
    Full content visible, double tap to read brief content.

    Discover more of the author’s books, see similar authors, read author blogs and more

    See more on the author's page
  3. Aaron Walters

    Aaron Walters

    Brief content visible, double tap to read full content.
    Full content visible, double tap to read brief content.

    Discover more of the author’s books, see similar authors, read author blogs and more

    See more on the author's page
  4. Michael Ligh

    Michael Ligh

    Brief content visible, double tap to read full content.
    Full content visible, double tap to read brief content.

    Discover more of the author’s books, see similar authors, read author blogs and more

    See more on the author's page
Next page

Customer reviews

4.7 out of 5 stars
4.7 out of 5
207 global ratings

Customers say

Customers find the book has a lot of information and practical, use-it-now references. They also describe the reading experience as good and say the writing style is well-written, well-organized, and outstanding.

AI-generated from the text of customer reviews

Select to learn more
ContentReading experienceWriting style
20 customers mention "Content"20 positive0 negative

Customers find the book has a lot of information, good explanations, and an in-depth approach to memory analysis. They also say it's a great text book that's packed with practical examples and use-it-now references. Readers also mention that the book allows analysts to better understand multiple OS data and memory structures.

"...seen any book covering these many details, this is one book for everything on memory forensics. This definitely should be the Book of the Year...." Read more

"...the book is over 900 pages long, and PACKED with practical, use-it-now reference and learning tools...." Read more

"...Thanks to one of the most well-organized, well-written, and informative I.T. books I have ever read, I was able to effectively isolate this piece of..." Read more

"...It covers a very technical subject at a level that those new to the subject can understand while providing enough detail to deeply engage advanced..." Read more

14 customers mention "Reading experience"14 positive0 negative

Customers find the book good, but they advise caution when buying from Amazon.

"This book is one of the best book i have read in recent years...." Read more

"The Art of Memory Forensics is one of the best written and edited tech books I have read...." Read more

"A great text book. Classroom material, comprehensive. One of the best books in the digital forensics space and the most detailed book in the..." Read more

"Good book. It was a lot of information...." Read more

6 customers mention "Writing style"6 positive0 negative

Customers find the writing style well-written, well-structured, and outstanding.

"...The book is very well structured it covers the internals of the Operating System and then the authors explain how the structures are used by the..." Read more

"...The text itself has wonderful, up to date sploit and software info, patches, etc. but the site, for a book this costly, needs to be completed...." Read more

"...Thanks to one of the most well-organized, well-written, and informative I.T. books I have ever read, I was able to effectively isolate this piece of..." Read more

"...The book is an essential reference, reasonably complete and well written...." Read more

Buyer beware with Amazon.
2 out of 5 stars
Buyer beware with Amazon.
The book is good, it's Amazon that's to be cautious of. The entire book arrived torn up like the warehouse workers threw it across the warehouse before putting it in a shipping box.
Hide
Thank you for your feedback
Sorry, there was an error
Sorry we couldn't load the review

Top reviews from the United States

Monnappa
5.0 out of 5 stars The Best Book Ever and You will never put it down
Reviewed in the United States on November 14, 2014
Verified Purchase
This book is one of the best book i have read in recent years. This is a book for anyone in the field of Incident Response, Malware Analysis, Reverse Engineering and Digital Forensics. This book is written by the Core Developers of Volatility and pioneers in the field of memory forensics.The book is very well structured it covers the internals of the Operating System and then the authors explain how the structures are used by the plugins, the authors also show how these plugins can be run against the memory images with real case examples to identify forensic artifacts. In many cases the authors show how to access the operating system structures programmatically using the volshell, this can help in writing your own plugins and also the author references various external sources where you can find more information on a specific topic. The book covers many creative techniques that you can apply in the real world and it also covers information on the Anti-Forensics techniques and how to detect them by cross referencing them with different plugins/data sources. The amount of detail explained in the book shows the knowledge and amount of research the authors have done in this field and the effort the authors have put in to write this book and the Volatility plugins. In short After reading this book you will understand how the operating system works, how the Volatility works, how malware works, how memory forensics work, how to identify the malware and forensic artifacts using memory forensics, how to write your own plugin. I have never seen any book covering these many details, this is one book for everything on memory forensics. This definitely should be the Book of the Year. If there was an option of giving this book ten stars, i would give it ten stars.
4 people found this helpful
Helpful
 Report
Amazon Customer
5.0 out of 5 stars Outstanding Text Needs Additional Web Resources
Reviewed in the United States on September 18, 2014
Verified Purchase
At this writing (Fall 2014) the Wiley instructor companion website is not up to Wiley standards (yet). I wanted to test the code for this review, but the code section on the site only defaults to the creative commons license (both the code and license links). Same with all the chapters, they only display commons, a strawman syllabus and an intro letter. They only resource that is already up is the Powerpoint presentation, and at over 100 pages it is simply OUTSTANDING, which whets the appetite even more for the rest of the outlines, solutions, code, and much more.

So, Wiley, get with it! If you are considering buying this, add your vote in comments and Wiley might listen. I'll update this once we get the code, both with quality of the code and where it can be used. Going over the license so far, it is quite generous, much like GNU with an attribution link, although of course more robust beyond teaching (eg commercial) if you do get permission. The text itself has wonderful, up to date sploit and software info, patches, etc. but the site, for a book this costly, needs to be completed. I'm not recommending you pass on this because of it, but we won't be getting the full value for our purchase, nor will our students, until the site is completed.

REVIEW UPDATE: SEE MICHAEL'S COMMENT ATTACHED TO THIS REVIEW. Although Amazon's automated system generally removes links, the comment gives complete and up to date online resources for this book, as the publisher's link is incomplete, and will not be updated. The publisher promotion of online evidence samples, code, etc. is not wrong or deceptive, it is just on github rather than the publisher's site as indicated. PLEASE VIEW THE COMMENT AND VISIT THE SITES INDICATED IN THE COMMENT BEFORE LEAVING A NEGATIVE REVIEW-- the resources ARE there, just not where advertised. Also, see Michael's other best seller at:  Malware Analyst's Cookbook and DVD: Tools and Techniques for Fighting Malicious Code .

If you are price conscious, notice that in addition to the generous web resources in the comment (including open source/ freeware), the book is over 900 pages long, and PACKED with practical, use-it-now reference and learning tools. I've already visited the samples, and they are awesome, especially given that they cover the most frequent o/s permutations. Both Windows and Linux give the exact traces indicated, these authors are the real thing.
17 people found this helpful
Helpful
 Report
David C. Malone
5.0 out of 5 stars Invaluable
Reviewed in the United States on February 23, 2015
Verified Purchase
I have worked in I.T. for 15 years - in Windows system administration, database administration, and utility software development. About one month ago I started reading heavily on security, and planned for 2015 a shift in career focus to that discipline. So I bought this book and began to read. This had immediate payoff just 2 days ago when I noticed an email from our security team that an IDS had detected a possible Trojan signature on one of our servers. Another analyst ran a full AV scan, and when she found nothing, the email thread dried up. Not so convinced (I had just read the fact on Mandiant's website that "100% of victims had up-to-date AV software), I triggered a complete memory dump on the server using LiveKD and began working on it with WinDbg commands and Volatility Framework. Within the first few hours, it appeared that there certainly looked to be a rootkit-like presence, but with my limited security knowledge and, even though I debug a kernel dump every now and then, I don't usually look at things like the IDT 2e entry, etc. However, 15 hours into researching my first real-life production issue, I completely narrowed down the source and contacted the security team and account management. This server would have continued to operate under the radar with the standard tools continually missing the malware's presence and caused who knows what problems. Thanks to one of the most well-organized, well-written, and informative I.T. books I have ever read, I was able to effectively isolate this piece of malware. This book is an absolute must for anyone even employed in I.T. with responsibilities over safeguarding company networks and infrastructure, and (unfortunately) these days, should probably be employed by anyone at all that plugs in an Ethernet cable or attaches to Wi-Fi! Outstanding material - thanks very much.
69 people found this helpful
Helpful
 Report

Top reviews from other countries

Translate all reviews to English
Eliana N. Vale
5.0 out of 5 stars Livro foi comprado para presente
Reviewed in Brazil on May 4, 2021
Verified Purchase
Parece ser muito bom; foi indicado por um especialista na área
Report
The Mind
5.0 out of 5 stars Good book
Reviewed in India on August 9, 2022
Verified Purchase
Nice content
Report
Lucas
5.0 out of 5 stars Très bon livre
Reviewed in France on August 30, 2021
Verified Purchase
Un très bon livre, mais pour bien l’apprécier, il faudra malgré tout avoir une bonne base technique
Report
Mancini Michele
5.0 out of 5 stars Best book
Reviewed in Italy on August 18, 2021
Verified Purchase
beautiful book, the best!
Report
Derek Armstrong
5.0 out of 5 stars If you do any kind of forensics, you need ...
Reviewed in Canada on July 30, 2017
Verified Purchase
If you do any kind of forensics, you need memory forensics. And this book is the current bible for it. I have learned more from this book than any other in digital security.
Report