- Paperback: 912 pages
- Publisher: Wiley; 1 edition (July 28, 2014)
- Language: English
- ISBN-10: 1118825098
- ISBN-13: 978-1118825099
- Product Dimensions: 7.3 x 1.7 x 9.2 inches
- Shipping Weight: 3.2 pounds
- Average Customer Review: 38 customer reviews
- Amazon Best Sellers Rank: #74,337 in Books
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory 1st Edition
From the Back Cover
SOPHISTICATED DISCOVERY AND ANALYSIS FOR THE NEXT WAVE OF DIGITAL ATTACKS
The Art of Memory Forensics, a follow-up to the bestselling Malware Analyst’s Cookbook, is a practical guide to the rapidly emerging investigative technique for digital forensics, incident response, and law enforcement. Memory forensics has become a must-have skill for combating the next era of advanced malware, targeted attacks, security breaches, and online crime. As breaches and attacks become more sophisticated, analyzing volatile memory becomes ever more critical to the investigative process. This book provides a comprehensive guide to performing memory forensics for Windows, Linux, and Mac systems, including x64 architectures. Based on the authors’ popular training course, coverage includes memory acquisition, rootkits, tracking user activity, and more, plus case studies that illustrate the real-world application of the techniques presented. Bonus materials include industry-applicable exercises, sample memory dumps, and cutting-edge memory forensics software.
Memory forensics is the art of analyzing RAM to solve digital crimes. Conventional incident response often overlooks volatile memory, which contains crucial information that can prove or disprove the system’s involvement in a crime, and can even destroy it completely. By implementing memory forensics techniques, analysts are able to preserve memory-resident artifacts, which often provides a more efficient strategy for investigating modern threats.
In The Art of Memory Forensics, the Volatility Project’s team of experts provides functional guidance and practical advice that helps readers to:
- Acquire memory from suspect systems in a forensically sound manner
- Learn best practices for Windows, Linux, and Mac memory forensics
- Discover how volatile memory analysis improves digital investigations
- Delineate the proper investigative steps for detecting stealth malware and advanced threats
- Use free, open source tools to conduct thorough memory forensics investigations
- Generate timelines, track user activity, find hidden artifacts, and more
The companion website provides exercises for each chapter, plus data that can be used to test the various memory analysis techniques in the book. Visit our website at www.wiley.com/go/memoryforensics.
About the Author
Michael Hale Ligh is author of Malware Analyst's Cookbook, Secretary/Treasurer of the Volatility Foundation, and a world-class reverse engineer.
Andrew Case is a Digital Forensics Researcher specializing in memory, disk, and network forensics.
Jamie Levy is a Senior Researcher and Developer, targeting memory, network, and malware forensics analysis.
AAron Walters is founder and lead developer of the Volatility Project, President of the Volatility Foundation, and Chair of Open Memory Forensics Workshop.
Top customer reviews
AOMF has over 450 pages dedicated to Windows forensic analysis. While the primary focus is memory, the authors do a fantastic job of explaining technical analysis concepts around critical areas including the Windows Registry, event logs, services, networking, timelining, kernel-level artifacts and much more.
AOMF also covers Linux and OSX, which are two OSes that are utilized more frequently and require deep-dive analysis today. The memory analysis chapters in these sections provide a solid resource for those interested in understanding more about investigating the bowels of what goes on behind the scenes with regards to unique Linux and OSX files, filesystems, processes, networking and unique userland/kernel artifacts, for starters.
Finally, AOMF serves as a verbose educational resource for both professors and students. This is the primary/sole resource I will be leveraging, using labs from and referencing as a graduate level memory forensics professor starting next month.
It's not a comprehensive handbook like Morse and Feshbach. But the current empirical field of memory forensics is not amenable to the kind of structural analysis that can be taught to graduate level physics students. My reason for not rating it five stars is the lack of a theoretical backbone. This is not a computer science book. This is a book about the volatility framework with application to the structure and function of computer memory. It is not a book about data structures or processes. It isn't really forensics, which is the presentation of scientific data and analysis in a court of law.
If you buy the book as a practical handbook of memory forensics, as its authors say, an "Art", you will be pleased. It is a "What do I do now that I have downloaded and typed 'python vol.py'?" book. I don't know of a better book,