The Art Of Memory Forensics: Detecting Malware And Threats In Windows, Linux, And Mac Memory

The book will teach memory forensics starting with the introductory concepts and moving toward the advanced, most technical aspects. The flow of the manuscript will be based on a 5-day training course that the authors have executed in front of hundreds of students.

This book will provide the necessary foundation for performing volatile memory analysis, demonstrating how it can be used to dramatically improve digital investigation process, and relating how memory analysis can help address many of the challenges currently facing digital investigators. All this using open source, free tools.

• Readers will learn how to acquire memory from suspect systems in the most forensically sound manner possible
• Readers will learn the investigative steps to determine if a machine is infected with malware, if it was used in furtherance of a crime (i.e. as a proxy to an attack), if it is the victim of an external data exfiltration, and so on.
• Readers will follow along with hands-on experiments and gain real-world experience with the concepts described in the manuscript.
• The book will not only cover the most heavily targeted operating system (Windows), but will expand to include Linux and Mac OSX.
• There will be an abundance of programs, code, sample memory dumps, and other supporting evidence files for hands-on activities available for download.
• There will also be instructor's materials: PowerPoint slides, course syllabus, and a test bank.
• There will be more than 30 exercises requiring evidence files, memory samples, and malware samples

Michael Hale-Ligh is author of Malware Analyst’s Cookbook, Secretary/Treasurer of Volatility Foundation, and a world-class reverse engineer. Andrew Case is a Digital Forensics Researcher specializing in memory, disk, and network forensics. Jamie Levy is a Senior Researcher and Developer targeting memory, network. AAron Walters is founder and lead developer of the Volatility Project, President of the Volatility Foundation, and Chair of Open Memory Forensics Workshop.