The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux and Mac Memory Paperback - 23 Sep 2014

The book teaches memory forensics starting with the introductory concepts and moving toward the advanced, most technical aspects. The flow of the manuscript is based on a 5-day training course that the authors have executed in front of hundreds of students. This book provides the necessary foundation for performing volatile memory analysis, demonstrating how it can be used to dramatically improve digital investigation process, and relating how memory analysis can help address many of the challenges currently facing digital investigators. All this using open source, free tools. Readers learn how to acquire memory from suspect systems in the most forensically sound manner possible readers learn the investigative steps to determine if a machine is infected with malware, if it was used in furtherance of a crime (i. E. As a proxy to an attack), if it is the victim of an external data exfiltration, and so on. Readers will get hands-on experiments and gain real-world experience with the concepts described in the manuscript. The book covers not only the most heavily targeted operating system (windows), but also linux and mac osx. Abundance of programs, code, sample memory dumps, and other supporting evidence files for hands-on activities are available for download. Instructor's materials containing: powerpoint slides, course syllabus, and a test bank. More than 30 exercises requiring evidence files, memory samples, and malware samples