| Description |
1 online resource (xxiii, 886 pages) : illustrations |
| Bibliography |
Includes index. |
| Contents |
I. An introduction to memory forensics ; Systems overview -- Data structures -- The volatility framework -- Memory acquisition -- II. Windows memory forensics ; Windows objects and pool allocations -- Processes, handles, and tokens -- Process memory internals -- Hunting malware in process memory -- Event logs -- Registry in memory -- Networking -- Windows services -- Kernel forensics and rootkits -- Windows GUI subsystem, part I -- Windows GUI subsystem, part II -- Disk artifacts in memory -- Event reconstruction -- Timelining -- III. Linux memory forensics ; Linux memory acquisition -- Linux operating system -- Processes and process memory -- Networking artifacts -- Kernel memory artifacts -- File systems in memory -- Userland rootkits -- Kernel mode rootkits -- Case study : Phalanx2 -- IV. Mac memory forensics ; Mac acquisition and internals -- Mac memory overview -- Malicious code and rootkits -- Tracking user activity. |
| Summary |
"The Art of Memory Forensics" is a practical guide to the rapidly emerging investigative technique for digital forensics, incident response, and law enforcement. Memory forensics has become a must-have skill for combating the next era of advanced malware, targeted attacks, security breaches, and online crime. As breaches and attacks become more sophisticated, analyzing volatile memory becomes ever more critical to the investigative process. This book provides a comprehensive guide to performing memory forensics for Windows, Linux, and Mac systems, including x64 architectures. Based on the authors' popular training course, coverage includes memory acquisition, rootkits, tracking user activity, and more, plus case studies that illustrate the real-world application of the techniques presented. Bonus materials include industry-applicable exercises, sample memory dumps, and cutting-edge memory forensics software. Memory forensics is the art of analyzing RAM to solve digital crimes. Conventional incident response often overlooks volatile memory, which contains crucial information that can prove or disprove the system's involvement in a crime, and can even destroy it completely. By implementing memory forensics techniques, analysts are able to preserve memory resident artifacts which often provides a more efficient strategy for investigating modern threats. |
| Subject |
Computer networks -- Security measures.
|
|
Computer storage devices -- Security measures.
|
|
Malware (Computer software)
|
|
Computer security.
|
|
Computer crimes.
|
|
Computer Security |
|
Réseaux d'ordinateurs -- Sécurité -- Mesures. |
|
Ordinateurs -- Mémoires -- Sécurité -- Mesures. |
|
Logiciels malveillants. |
|
Sécurité informatique. |
|
Criminalité informatique. |
|
Computer crimes |
|
Computer networks -- Security measures |
|
Computer security |
|
Malware (Computer software) |
| Added Author |
Case, Andrew (Digital forensics researcher), author.
|
|
Levy, Jamie. author.
|
|
Walters, Aaron. author.
|
| Added Title |
Detecting malware and threats in Windows, Linux, and Mac memory |
| ISBN |
9781118824993 |
|
1118824997 |
|
1118825098 |
|
9781118825099 |
|
More Resources