The Art of Memory Forensics
Detecting Malware and Threats in Windows, Linux, and Mac Memory
Samenvatting
SOPHISTICATED DISCOVERY AND ANALYSIS FOR THE NEXT WAVE OF DIGITAL ATTACKS
‘The Art of Memory Forensics’, a follow–up to the bestselling ‘Malware Analyst’s Cookbook’, is a practical guide to the rapidly emerging investigative technique for digital forensics, incident response, and law enforcement. Memory forensics has become a must–have skill for combating the next era of advanced malware, targeted attacks, security breaches, and online crime. As breaches and attacks become more sophisticated, analyzing volatile memory becomes ever more critical to the investigative process.
This book provides a comprehensive guide to performing memory forensics for Windows, Linux, and Mac systems, including x64 architectures. Based on the authors’ popular training course, coverage includes memory acquisition, rootkits, tracking user activity, and more, plus case studies that illustrate the real–world application of the techniques presented. Bonus materials include industry–applicable exercises, sample memory dumps, and cutting–edge memory forensics software.
Memory forensics is the art of analyzing RAM to solve digital crimes. Conventional incident response often overlooks volatile memory, which contains crucial information that can prove or disprove the system’s involvement in a crime, and can even destroy it completely. By implementing memory forensics techniques, analysts are able to preserve memory resident artifacts which often provides a more efficient strategy for investigating modern threats.
In The Art of Memory Forensics, the Volatility Project’s team of experts provides functional guidance and practical advice that helps readers to:
- Acquire memory from suspect systems in a forensically sound manner
- Learn best practices for Windows, Linux, and Mac memory forensics
- Discover how volatile memory analysis improves digital investigations
- Delineate the proper investigative steps for detecting stealth malware and advanced threats
- Use free, open source tools to conduct thorough memory forensics investigations
- Generate timelines, track user activity, find hidden artifacts, and more
The companion website provides exercises for each chapter, plus data that can be used to test the various memory analysis techniques in the book.
Specificaties
Inhoudsopgave
U kunt van deze inhoudsopgave een PDF downloaden
I: An Introduction to Memory Forensics
1. Systems Overview
2. Data Structures
3. The Volatility Framework
4. Memory Acquisition
II: Windows Memory Forensics
5. Windows Objects and Pool Allocations
6. Pocesses, Handles, and Tokens
7. Process Memory Internals
8. Hunting Malware in Process Memory
9. Event Logs
10. Registry in Memory
11. Networking
12. Windows Services
13. Kernel Forensics and Rootkits
14. Windows GUI Subsystem, Part I
15. Windows GUI Subsystem, Part II
16. Disk Artifacts in Memory
17. Event Reconstruction
18. Timelining
III: Linux Memory Forensics
19. Linux Memory Acquisition
20. Linux Operating System
21. Processes and Process Memory
22. Networking Artifacts
23. Kernel Memory Artifacts
24. File Systems in Memory
25. Userland Rootkits
26. Kernel Mode Rootkits
27. Case Study: Phalanx2
IV: Mac Memory Forensics
28. Mac Acquisition and Internals
29. Mac Memory Overview
30. Malicious Code and Rootkits
31. Tracking User Activity
Index
Anderen die dit boek kochten, kochten ook
-
Bob van Duuren€ 34,99 -
Simon Asplen–taylor€ 53,89
-
Bitmap Books€ 65,54
-
Nader Rad€ 34,83
-
Jordan Morrow€ 48,60
-
Razi Rais€ 50,14
Rubrieken
- cadeauboeken
- computer en informatica
- economie
- filosofie
- flora en fauna
- geneeskunde
- geschiedenis
- gezondheid
- jeugd
- juridisch
- koken en eten
- kunst en cultuur
- literatuur en romans
- mens en maatschappij
- naslagwerken
- non-fictie informatief/professioneel
- paramedisch
- psychologie
- reizen
- religie
- schoolboeken
- spiritualiteit
- sport, hobby, lifestyle
- thrillers en spanning
- wetenschap en techniek
- woordenboeken en taal
