Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Conferences
Free Learning
Arrow right icon
Practical Memory Forensics
Practical Memory Forensics

Practical Memory Forensics: Jumpstart effective forensic analysis of volatile memory

Arrow left icon
Profile Icon Ostrovskaya Profile Icon Oleg Skulkin
Arrow right icon
₱2245.99
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.3 (3 Ratings)
Paperback Mar 2022 304 pages 1st Edition
eBook
₱1256.99 ₱1796.99
Paperback
₱2245.99
Subscription
Free Trial
Arrow left icon
Profile Icon Ostrovskaya Profile Icon Oleg Skulkin
Arrow right icon
₱2245.99
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.3 (3 Ratings)
Paperback Mar 2022 304 pages 1st Edition
eBook
₱1256.99 ₱1796.99
Paperback
₱2245.99
Subscription
Free Trial
eBook
₱1256.99 ₱1796.99
Paperback
₱2245.99
Subscription
Free Trial

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Table of content icon View table of contents Preview book icon Preview Book

Practical Memory Forensics

Chapter 1: Why Memory Forensics?

We are living in a world where nothing is more certain than change and cybercrimes are no exception. New attack techniques are constantly being developed, and hundreds of malicious programs and scripts are being written and tested to bypass security controls, while scanners scrutinize the World Wide Web for vulnerable hosts and publicly available services. That is why it is extremely important to stay on trend and have all kinds of tools and techniques in your arsenal to be on the same page as the threat actors.

So, why is memory forensics a vital part of many digital forensic examinations and incident response engagements today? What are the main investigative goals and techniques used by digital forensics and incident response professionals? What challenges do they face every day? You'll find answers to these questions in this chapter.

This chapter will cover the following topics:

  • Understanding the main benefits of memory forensics
  • Learning about the investigation goals and methodology
  • Discovering the challenges of memory forensics

Understanding the main benefits of memory forensics

Naturally, for the reader who picks up this book, the benefits are obvious. Since you have decided to deepen your knowledge of memory forensics, you probably have your own reasons for doing so. However, let's take another look at the most common situations in which Random Access Memory (RAM) investigation can play a crucial role (not only in digital forensics but also incident response and malware analysis), and perhaps you will discover new use cases for the knowledge and skills you have acquired.

No trace is left behind

The number of threat actors using living off the land and fileless attack techniques has increased dramatically over the past few years. Attackers no longer care as much about removing their footprints, instead, they try to leave as few of them as possible to avoid detection. This makes the job of information security professionals much more difficult because the use of built-in tools and the lack of malicious files on the disk that can be scanned means that some traditional security solutions may be useless. A lack of logging may make it very hard to reconstruct how threat actors abused built-in dual-use tools, for example, various command and scripting interpreters, in the course of a post-mortem examination, so acquiring and analyzing memory may play a key role in such cases.

Let's discuss each case separately.

Find me in memory

Let's start with malware that works exclusively in memory. The concept itself is not new. When talking about the beginning of the era of memory-resident malware, some researchers refer to Maltese Amoeba, a virus first discovered back in 1991 in Ireland. Others prefer to start with the Code Red worm that appeared in 2001. In any case, since the beginning of the twenty-first century, fileless attacks have only gained momentum and are becoming more and more popular. For example, a payload may be injected directly into memory via PowerShell, and it is becoming extremely common. The process injection technique itself was included in the top 10 MITRE ATT&CK® techniques of 2020 by many cybersecurity vendors. For example, here are the top 10 techniques from the Red Canary 2021 Threat Detection Report via https://redcanary.com/threat-detection-report/techniques/:

Figure 1.1 – Top 10 MITRE ATT&CK techniques of 2020

Figure 1.1 – Top 10 MITRE ATT&CK techniques of 2020

Process hollowing, dynamic-link library injection, process doppelgänging, and other process injection sub-techniques are used not only by sophisticated state-sponsored threat groups but even by commodity malware operators.

Frame of work

The other side of the issue is the use of numerous post-exploitation frameworks, such as Metasploit, Cobalt Strike, or PowerShell Empire. Such instrumentation provides attackers with a wide range of options to generate a variety of malicious payloads and inject them into memory.

Created with offensive security in mind, these frameworks allowed first penetration testers and red teamers, and then various threat actors to use a wide range of techniques with very limited footprints on disk, even if they didn't have outstanding malware development experience. For example, Cobalt Strike's Beacon payload's unmanaged PowerShell features allowed threat actors to run it without actually running powershell.exe, abusing the Windows API instead.

Such frameworks as Cobalt Strike have become so common that some threat actors even use them instead of custom malware. For example, the notorious Evil Corp group, whose members are believed to be behind high-profile ransomware attacks, including Garmin, switched the Dridex bot to Cobalt Strike's Beacon in their WastedLocker campaigns.

Living off the land

Living off the land is a very popular approach in which attackers use built-in tools and installed legitimate software for their own purposes. Most tools for example, PowerShell or WMI, are used by system administrators to perform their daily tasks, making it difficult not only to detect attackers but also to block the tools they use.

Attackers can utilize living-off-the-land techniques with a variety of tactics. PowerShell can be used for downloading the initial payload from the attacker-controlled server, binaries such as rundll32.exe and regsvr32.exe can be used for execution and defense evasion, Ntdsutil can be leveraged for credentials access, and PsExec and WMIC can be abused for remote execution. There are lots of similar examples, and if the IT infrastructure doesn't have advanced logging capabilities, an analyst's chances of extracting such information may be very low. If acquired in time, memory analysis may be of great help!

Another important note is that in many cases, you can find only the first stage of the malicious binary on the disk – the next stage (and potentially even the next!) is loaded from the server directly into memory, so you won't see it during post-mortem analysis if you don't have a memory image.

What's more, most malicious binaries are packed, encoded, and encrypted nowadays in order to avoid detection, but not in memory! So you can use tools such as PE-sieve to collect potentially malicious code for further analysis. Of course, we'll show you how to do it in the following chapters.

Privacy keeper

In recent years, the issue of privacy has become more acute. Tons of personal data, photos, and messages appear online every day. Service providers collect information about our personalities, interests, and routines to make their work more efficient and more useful. Instant messengers, browsers with privacy modes, in-memory file systems, password managers, and crypto containers are emerging as a result.

Of course, privacy is everyone's concern, but it is most relevant to cybercriminals, as they really have something to hide. We have seen more than once situations where files of interest found on a suspect's computer have been encrypted or saved in a crypto container. In such situations, memory collection and analysis is the key to all doors, as it allows investigators to retrieve the passwords and keys needed for decryption.

As you can see, there are different cases but they all have one thing in common, which is that in each of them, memory forensics can play an extremely important role.

Learning about the investigation goals and methodology

The basis of any forensic investigation is goal setting. Goals determine evidence to look for, methods to use, and tools we need. The right approach to goal setting helps to achieve the desired result quickly and efficiently. Remember the famous "divide et impera" principle? Despite its origins and primary purpose, this principle is great for achieving any goals, the main thing is to understand what to divide and how to use it. As part of the investigation goal setting, this principle can be used to break down the primary goal into smaller and simpler ones. Thus, by dividing our goals into components, we get a set of specific actions, the result of which will be the pieces of the puzzle and all we will have to do is to put them together.

Let's start with the more general goals. If we receive for examination the device involved in the incident, there is a high probability that it is either one of the following:

  • The alleged victim's device
  • The suspect's device

Let's look at what both are in the next sections.

The victim's device

Consider a situation in which the victim's device is under investigation. The main goal in this case is to answer the question, What happened? One way is to break this question down into its components:

  1. How did an attacker gain access to the system?
  2. What tools were launched?
  3. Did the attacker get persistence?
  4. Was there a lateral movement?
  5. What actions on the objective were performed?

Now let's do the same thing with the question, How did the attacker gain access to the system?:

  1. Are there any traces of potentially malicious files/links having been opened?
  2. Are there any remote connection services running?
  3. Are there any traces of suspicious connections?
  4. Are there any traces of removable devices being connected?

Let's ask questions about malicious files too:

  1. Are there any traces of suspicious files saved?
  2. Are there any traces of suspicious links opened?
  3. Are there any traces of suspicious files opened?

Finding answers to these questions requires not only knowledge of the digital artifacts and their sources but also the attacker's tactics, techniques, and procedures, so such assessments must also be cyber threat intelligence-driven.

This is the level to which each upper-level question should be broken down. As a result, we have a final list of questions that will allow us to piece together a picture of the incident and answer the first question of What happened? in detail.

The suspect's device

A similar method can be used to investigate the device from which the attacks are suspected to have originated. In this case, questions would be posed based on what the owner of the device is suspected of. For example, if they are suspected of being a malware developer, our questions would be related to the presence of development tools, traces of source code, sales of malware, and so on.

So, we have discussed how memory forensics can help our investigation and what methodology we can apply to do so. However, we cannot remain silent and overlook the weaknesses and possible risks. Let's discuss the challenges of memory forensics.

Discovering the challenges of memory forensics

We hope you have already realized the importance of memory analysis. Now it is time to look for the pitfalls. RAM is a very useful and extremely fragile thing. Any interaction with the system, even the smallest one, can lead to irreversible consequences. For this reason, one of the most important challenges in memory analysis is data preservation.

A few important points related to memory dump creation are listed in the next sections.

Tools

Since most operating systems do not have built-in solutions for creating complete memory dumps, you will have to use specialized tools. There are all kinds of tools available today for creating full memory dumps as well as for extracting individual processes. Investigators can be guided by various considerations when choosing a tool:

  • Changes being made to the system
  • Costs
  • The possibility of remote dump creation

Unfortunately, even using a trusted tool cannot guarantee 100% success. Moreover, it can corrupt the system, and that brings us to the following point.

Critical systems

In some cases, running tools to create memory dumps can cause an overload of the system. That is why an investigator who decides to create a memory dump should be ready to take responsibility for possible risks. The system under investigation could be a critical object, disabling which could lead not only to the loss of important data, but also to the shutdown of critical business processes, and in rare cases, even to a threat to the lives and health of people. The decision to create memory dumps on such systems should be balanced and consider all the pros and cons.

Instability

If the system under investigation is infected with poorly written malware, it is itself unstable. In this situation, an attempt to create a memory dump could lead to unpredictable consequences.

Besides, sometimes malware tries to use anti-forensic techniques and prevent memory preservation in every possible way, which again leads to unpredictable consequences. This happens rarely, but this factor should also be taken into account.

Summary

Memory is a great source of forensic artifacts in the hands of an experienced investigator. Memory analysis provides information on malware activity and its functionality, user context, including recent actions, browsing activity, messaging, and unique evidence such as fileless malware, memory-only application data, encryption keys, and so on.

Memory analysis, like anything else, must be approached in some way. One of the most important things is to set the investigation goal and break it down into simple components to conduct the investigation more quickly and efficiently, and, what's more important, to decide whether it's necessary or data left on the disk is enough to get the answers.

Of course, there is no silver bullet, and memory forensics also has its drawbacks. The main problem is data preservation, but if you can manage that, you will be generously rewarded.

So now that you've learned about the benefits of memory forensics and the challenges associated with it, and you understand the approach to investigation, what's next? We think it's time to dive into the more practical stuff, and our first stop is the memory acquisition process, which we'll talk about in the next chapter.

Left arrow icon Right arrow icon

Key benefits

  • Explore memory forensics, one of the vital branches of digital investigation
  • Learn the art of user activities reconstruction and malware detection using volatile memory
  • Get acquainted with a range of open-source tools and techniques for memory forensics

Description

Memory Forensics is a powerful analysis technique that can be used in different areas, from incident response to malware analysis. With memory forensics, you can not only gain key insights into the user's context but also look for unique traces of malware, in some cases, to piece together the puzzle of a sophisticated targeted attack. Starting with an introduction to memory forensics, this book will gradually take you through more modern concepts of hunting and investigating advanced malware using free tools and memory analysis frameworks. This book takes a practical approach and uses memory images from real incidents to help you gain a better understanding of the subject and develop the skills required to investigate and respond to malware-related incidents and complex targeted attacks. You'll cover Windows, Linux, and macOS internals and explore techniques and tools to detect, investigate, and hunt threats using memory forensics. Equipped with this knowledge, you'll be able to create and analyze memory dumps on your own, examine user activity, detect traces of fileless and memory-based malware, and reconstruct the actions taken by threat actors. By the end of this book, you'll be well-versed in memory forensics and have gained hands-on experience of using various tools associated with it.

Who is this book for?

This book is for incident responders, digital forensic specialists, cybersecurity analysts, system administrators, malware analysts, students, and curious security professionals new to this field and interested in learning memory forensics. A basic understanding of malware and its working is expected. Although not mandatory, knowledge of operating systems internals will be helpful. For those new to this field, the book covers all the necessary concepts.

What you will learn

  • Understand the fundamental concepts of memory organization
  • Discover how to perform a forensic investigation of random access memory
  • Create full memory dumps as well as dumps of individual processes in Windows, Linux, and macOS
  • Analyze hibernation files, swap files, and crash dumps
  • Apply various methods to analyze user activities
  • Use multiple approaches to search for traces of malicious activity
  • Reconstruct threat actor tactics and techniques using random access memory analysis
Estimated delivery fee Deliver to Philippines

Standard delivery 10 - 13 business days

₱492.95

Premium delivery 5 - 8 business days

₱2548.95
(Includes tracking information)

Product Details

Country selected
Publication date, Length, Edition, Language, ISBN-13
Publication date : Mar 17, 2022
Length: 304 pages
Edition : 1st
Language : English
ISBN-13 : 9781801070331
Category :
Concepts :
Tools :

What do you get with Print?

Product feature icon Instant access to your digital eBook copy whilst your Print order is Shipped
Product feature icon Paperback book shipped to your preferred address
Product feature icon Download this book in EPUB and PDF formats
Product feature icon Access this title in our online reader with advanced features
Product feature icon DRM FREE - Read whenever, wherever and however you want
Product feature icon AI Assistant (beta) to help accelerate your learning
OR
Modal Close icon
Payment Processing...
tick Completed

Shipping Address

Billing Address

Shipping Methods
Estimated delivery fee Deliver to Philippines

Standard delivery 10 - 13 business days

₱492.95

Premium delivery 5 - 8 business days

₱2548.95
(Includes tracking information)

Product Details

Publication date : Mar 17, 2022
Length: 304 pages
Edition : 1st
Language : English
ISBN-13 : 9781801070331
Category :
Concepts :
Tools :

Packt Subscriptions

See our plans and pricing
Modal Close icon
$19.99 billed monthly
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Simple pricing, no contract
$199.99 billed annually
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₱260 each
Feature tick icon Exclusive print discounts
$279.99 billed in 18 months
Feature tick icon Unlimited access to Packt's library of 7,000+ practical books and videos
Feature tick icon Constantly refreshed with 50+ new titles a month
Feature tick icon Exclusive Early access to books as they're written
Feature tick icon Solve problems while you work with advanced search and reference features
Feature tick icon Offline reading on the mobile app
Feature tick icon Choose a DRM-free eBook or Video every month to keep
Feature tick icon PLUS own as many other DRM-free eBooks or Videos as you like for just ₱260 each
Feature tick icon Exclusive print discounts

Frequently bought together


Stars icon
Total 7,604.97
Digital Forensics and Incident Response
₱2806.99
Practical Memory Forensics
₱2245.99
Learn Computer Forensics – 2nd edition
₱2551.99
Total 7,604.97 Stars icon

Table of Contents

16 Chapters
Section 1: Basics of Memory Forensics Chevron down icon Chevron up icon
Chapter 1: Why Memory Forensics? Chevron down icon Chevron up icon
Chapter 2: Acquisition Process Chevron down icon Chevron up icon
Section 2: Windows Forensic Analysis Chevron down icon Chevron up icon
Chapter 3: Windows Memory Acquisition Chevron down icon Chevron up icon
Chapter 4: Reconstructing User Activity with Windows Memory Forensics Chevron down icon Chevron up icon
Chapter 5: Malware Detection and Analysis with Windows Memory Forensics Chevron down icon Chevron up icon
Chapter 6: Alternative Sources of Volatile Memory Chevron down icon Chevron up icon
Section 3: Linux Forensic Analysis Chevron down icon Chevron up icon
Chapter 7: Linux Memory Acquisition Chevron down icon Chevron up icon
Chapter 8: User Activity Reconstruction Chevron down icon Chevron up icon
Chapter 9: Malicious Activity Detection Chevron down icon Chevron up icon
Section 4: macOS Forensic Analysis Chevron down icon Chevron up icon
Chapter 10: MacOS Memory Acquisition Chevron down icon Chevron up icon
Chapter 11: Malware Detection and Analysis with macOS Memory Forensics Chevron down icon Chevron up icon
Other Books You May Enjoy Chevron down icon Chevron up icon

Customer reviews

Rating distribution
Full star icon Full star icon Full star icon Half star icon Empty star icon 3.3
(3 Ratings)
5 star 33.3%
4 star 33.3%
3 star 0%
2 star 0%
1 star 33.3%
Bojangles Apr 16, 2022
Full star icon Full star icon Full star icon Full star icon Full star icon 5
Content is excellent, a minor point is that the text in screenshots is quite small in the print version, I wish I’d bought the digital version.
Amazon Verified review Amazon
CHAEYUN Mar 18, 2024
Full star icon Full star icon Full star icon Full star icon Empty star icon 4
hello. Where can I download the memory files used in the book?
Subscriber review Packt
Amaxn cstmr Oct 25, 2022
Full star icon Empty star icon Empty star icon Empty star icon Empty star icon 1
Please, buy The Art of Memory Forensics instead. This book is really just a copy of that - except, with way less information and some updated screenshots.The writing is bad, the content is bad... Yikes to this book. It overexplains basic concepts and under explains harder ones (you know, like people do when they don't actually know what they are talking about?)Overall: can't say anything good about it. If you're looking to learn something useful, there are far better books out there - even if they are almost a decade old. You'll get more out of the outdated books.
Amazon Verified review Amazon
Get free access to Packt library with over 7500+ books and video courses for 7 days!
Start Free Trial

FAQs

What is the delivery time and cost of print book? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela
What is custom duty/charge? Chevron down icon Chevron up icon

Customs duty are charges levied on goods when they cross international borders. It is a tax that is imposed on imported goods. These duties are charged by special authorities and bodies created by local governments and are meant to protect local industries, economies, and businesses.

Do I have to pay customs charges for the print book order? Chevron down icon Chevron up icon

The orders shipped to the countries that are listed under EU27 will not bear custom charges. They are paid by Packt as part of the order.

List of EU27 countries: www.gov.uk/eu-eea:

A custom duty or localized taxes may be applicable on the shipment and would be charged by the recipient country outside of the EU27 which should be paid by the customer and these duties are not included in the shipping charges been charged on the order.

How do I know my custom duty charges? Chevron down icon Chevron up icon

The amount of duty payable varies greatly depending on the imported goods, the country of origin and several other factors like the total invoice amount or dimensions like weight, and other such criteria applicable in your country.

For example:

  • If you live in Mexico, and the declared value of your ordered items is over $ 50, for you to receive a package, you will have to pay additional import tax of 19% which will be $ 9.50 to the courier service.
  • Whereas if you live in Turkey, and the declared value of your ordered items is over € 22, for you to receive a package, you will have to pay additional import tax of 18% which will be € 3.96 to the courier service.
How can I cancel my order? Chevron down icon Chevron up icon

Cancellation Policy for Published Printed Books:

You can cancel any order within 1 hour of placing the order. Simply contact customercare@packt.com with your order details or payment transaction id. If your order has already started the shipment process, we will do our best to stop it. However, if it is already on the way to you then when you receive it, you can contact us at customercare@packt.com using the returns and refund process.

Please understand that Packt Publishing cannot provide refunds or cancel any order except for the cases described in our Return Policy (i.e. Packt Publishing agrees to replace your printed book because it arrives damaged or material defect in book), Packt Publishing will not accept returns.

What is your returns and refunds policy? Chevron down icon Chevron up icon

Return Policy:

We want you to be happy with your purchase from Packtpub.com. We will not hassle you with returning print books to us. If the print book you receive from us is incorrect, damaged, doesn't work or is unacceptably late, please contact Customer Relations Team on customercare@packt.com with the order number and issue details as explained below:

  1. If you ordered (eBook, Video or Print Book) incorrectly or accidentally, please contact Customer Relations Team on customercare@packt.com within one hour of placing the order and we will replace/refund you the item cost.
  2. Sadly, if your eBook or Video file is faulty or a fault occurs during the eBook or Video being made available to you, i.e. during download then you should contact Customer Relations Team within 14 days of purchase on customercare@packt.com who will be able to resolve this issue for you.
  3. You will have a choice of replacement or refund of the problem items.(damaged, defective or incorrect)
  4. Once Customer Care Team confirms that you will be refunded, you should receive the refund within 10 to 12 working days.
  5. If you are only requesting a refund of one book from a multiple order, then we will refund you the appropriate single item.
  6. Where the items were shipped under a free shipping offer, there will be no shipping costs to refund.

On the off chance your printed book arrives damaged, with book material defect, contact our Customer Relation Team on customercare@packt.com within 14 days of receipt of the book with appropriate evidence of damage and we will work with you to secure a replacement copy, if necessary. Please note that each printed book you order from us is individually made by Packt's professional book-printing partner which is on a print-on-demand basis.

What tax is charged? Chevron down icon Chevron up icon

Currently, no tax is charged on the purchase of any print book (subject to change based on the laws and regulations). A localized VAT fee is charged only to our European and UK customers on eBooks, Video and subscriptions that they buy. GST is charged to Indian customers for eBooks and video purchases.

What payment methods can I use? Chevron down icon Chevron up icon

You can pay with the following card types:

  1. Visa Debit
  2. Visa Credit
  3. MasterCard
  4. PayPal
What is the delivery time and cost of print books? Chevron down icon Chevron up icon

Shipping Details

USA:

'

Economy: Delivery to most addresses in the US within 10-15 business days

Premium: Trackable Delivery to most addresses in the US within 3-8 business days

UK:

Economy: Delivery to most addresses in the U.K. within 7-9 business days.
Shipments are not trackable

Premium: Trackable delivery to most addresses in the U.K. within 3-4 business days!
Add one extra business day for deliveries to Northern Ireland and Scottish Highlands and islands

EU:

Premium: Trackable delivery to most EU destinations within 4-9 business days.

Australia:

Economy: Can deliver to P. O. Boxes and private residences.
Trackable service with delivery to addresses in Australia only.
Delivery time ranges from 7-9 business days for VIC and 8-10 business days for Interstate metro
Delivery time is up to 15 business days for remote areas of WA, NT & QLD.

Premium: Delivery to addresses in Australia only
Trackable delivery to most P. O. Boxes and private residences in Australia within 4-5 days based on the distance to a destination following dispatch.

India:

Premium: Delivery to most Indian addresses within 5-6 business days

Rest of the World:

Premium: Countries in the American continent: Trackable delivery to most countries within 4-7 business days

Asia:

Premium: Delivery to most Asian addresses within 5-9 business days

Disclaimer:
All orders received before 5 PM U.K time would start printing from the next business day. So the estimated delivery times start from the next day as well. Orders received after 5 PM U.K time (in our internal systems) on a business day or anytime on the weekend will begin printing the second to next business day. For example, an order placed at 11 AM today will begin printing tomorrow, whereas an order placed at 9 PM tonight will begin printing the day after tomorrow.


Unfortunately, due to several restrictions, we are unable to ship to the following countries:

  1. Afghanistan
  2. American Samoa
  3. Belarus
  4. Brunei Darussalam
  5. Central African Republic
  6. The Democratic Republic of Congo
  7. Eritrea
  8. Guinea-bissau
  9. Iran
  10. Lebanon
  11. Libiya Arab Jamahriya
  12. Somalia
  13. Sudan
  14. Russian Federation
  15. Syrian Arab Republic
  16. Ukraine
  17. Venezuela