The Art of Memory Forensics Front Cover

The Art of Memory Forensics

  • Length: 912 pages
  • Edition: 1
  • Publisher:
  • Publication Date: 2014-07-28
  • ISBN-10: 1118825098
  • ISBN-13: 9781118825099
  • Sales Rank: #95241 (See Top 100 Books)
Description

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

Memory forensics provides cutting edge technology to help investigate digital attacks

Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst’s Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.

Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:

  • How volatile memory analysis improves digital investigations
  • Proper investigative steps for detecting stealth malware and advanced threats
  • How to use free, open source tools for conducting thorough memory forensics
  • Ways to acquire memory from suspect systems in a forensically sound manner

The next era of malware and security breaches are more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.

Table of Contents

Part I: An Introduction to Memory Forensics
Chapter 1: Systems Overview
Chapter 2: Data Structures
Chapter 3: The Volatility Framework
Chapter 4: Memory Acquisition

Part II: Windows Memory Forensics
Chapter 5: Windows Objects and Pool Allocations
Chapter 6: Processes, Handles, and Tokens
Chapter 7: Process Memory Internals
Chapter 8: Hunting Malware in Process Memory
Chapter 9: Event Logs
Chapter 10: Registry in Memory
Chapter 11: Networking
Chapter 12: Windows Services
Chapter 13: Kernel Forensics and Rootkits
Chapter 14: Windows GUI Subsystem, Part I
Chapter 15: Windows GUI Subsystem, Part II
Chapter 16: Disk Artifacts in Memory
Chapter 17: Event Reconstruction
Chapter 18: Timelining

Part III: Linux Memory Forensics
Chapter 19: Linux Memory Acquisition
Chapter 20: Linux Operating System
Chapter 21: Processes and Process Memory
Chapter 22: Networking Artifacts
Chapter 23: Kernel Memory Artifacts
Chapter 24: File Systems in Memory
Chapter 25: Userland Rootkits
Chapter 26: Kernel Mode Rootkits
Chapter 27: Case Study: Phalanx2

Part IV: Mac Memory Forensics
Chapter 28: Mac Acquisition and Internals
Chapter 29: Mac Memory Overview
Chapter 30: Malicious Code and Rootkits
Chapter 31: Tracking User Activity

To access the link, solve the captcha.