You're reading from Practical Memory Forensics Jumpstart effective forensic analysis of volatile memory

Product type Paperback

Published in Mar 2022

Publisher Packt

ISBN-13 9781801070331

Length 304 pages

Edition 1st Edition

Tools

Linux

Concepts

Forensics

Authors (2):

Oleg Skulkin

Svetlana Ostrovskaya

View More author details

Table of Contents (17) Chapters

Preface

1. Section 1: Basics of Memory Forensics

2. Chapter 1: Why Memory Forensics? FREE CHAPTER

3. Chapter 2: Acquisition Process

4. Section 2: Windows Forensic Analysis

5. Chapter 3: Windows Memory Acquisition

6. Chapter 4: Reconstructing User Activity with Windows Memory Forensics

7. Chapter 5: Malware Detection and Analysis with Windows Memory Forensics

8. Chapter 6: Alternative Sources of Volatile Memory

9. Section 3: Linux Forensic Analysis

10. Chapter 7: Linux Memory Acquisition

11. Chapter 8: User Activity Reconstruction

12. Chapter 9: Malicious Activity Detection

13. Section 4: macOS Forensic Analysis

14. Chapter 10: MacOS Memory Acquisition

15. Chapter 11: Malware Detection and Analysis with macOS Memory Forensics

16. Other Books You May Enjoy

Preface

Memory forensics is a powerful analysis technique that could be used in different areas from incident response to malware analysis. For an experienced investigator, memory is an essential source of valuable data. Memory forensics not only provides key insights into the user's context and allows you to look for unique traces of malware, but also, in some cases, helps to piece together the puzzle of a sophisticated targeted attack.

This book will introduce you to the concept of memory forensics and then gradually progress deep into more advanced concepts of hunting and investigating advanced malware using free tools and memory analysis frameworks. This book takes a practical approach and uses memory images from real incidents to help you get a better understanding of the subject so that you will be equipped with the skills required to investigate and respond to malware-related incidents and complex targeted attacks. This book touches on the topic of Windows, Linux, and macOS internals and covers concepts, techniques, and tools to detect, investigate, and hunt threats using memory forensics.

By the end of this book, you will be well versed in memory forensics and will have gained hands-on experience of using various tools associated with it. You will be able to create and analyze memory dumps on your own, examine user activity, detect traces of fileless malware, and reconstruct the actions taken by threat actors.

The rest of the chapter is locked

You're reading from Practical Memory Forensics Jumpstart effective forensic analysis of volatile memory

Table of Contents (17) Chapters

Preface

Unlock this book and the full library FREE for 7 days

Authors (2)

Personalised recommendations for you