Practical Memory Forensics: Jumpstart effective forensic analysis of volatile memory

Svetlana Ostrovskaya , Oleg Skulkin

  • 出版商: Packt Publishing
  • 出版日期: 2022-03-17
  • 售價: $1,460
  • 貴賓價: 9.5$1,387
  • 語言: 英文
  • 頁數: 304
  • 裝訂: Quality Paper - also called trade paper
  • ISBN: 1801070334
  • ISBN-13: 9781801070331
  • 下單後立即進貨 (約3~4週)


Key Features

  • Explore memory forensics, one of the vital branches of digital investigation
  • Learn the art of user activities reconstruction and malware detection using volatile memory
  • Get acquainted with a range of open-source tools and techniques for memory forensics

Book Description

Memory Forensics is a powerful analysis technique that can be used in different areas, from incident response to malware analysis. With memory forensics, you can not only gain key insights into the user's context but also look for unique traces of malware, in some cases, to piece together the puzzle of a sophisticated targeted attack.

Starting with an introduction to memory forensics, this book will gradually take you through more modern concepts of hunting and investigating advanced malware using free tools and memory analysis frameworks. This book takes a practical approach and uses memory images from real incidents to help you gain a better understanding of the subject and develop the skills required to investigate and respond to malware-related incidents and complex targeted attacks. You'll cover Windows, Linux, and macOS internals and explore techniques and tools to detect, investigate, and hunt threats using memory forensics. Equipped with this knowledge, you'll be able to create and analyze memory dumps on your own, examine user activity, detect traces of fileless and memory-based malware, and reconstruct the actions taken by threat actors.

By the end of this book, you'll be well-versed in memory forensics and have gained hands-on experience of using various tools associated with it.

What you will learn

  • Understand the fundamental concepts of memory organization
  • Discover how to perform a forensic investigation of random access memory
  • Create full memory dumps as well as dumps of individual processes in Windows, Linux, and macOS
  • Analyze hibernation files, swap files, and crash dumps
  • Apply various methods to analyze user activities
  • Use multiple approaches to search for traces of malicious activity
  • Reconstruct threat actor tactics and techniques using random access memory analysis

Who this book is for

This book is for incident responders, digital forensic specialists, cybersecurity analysts, system administrators, malware analysts, students, and curious security professionals new to this field and interested in learning memory forensics. A basic understanding of malware and its working is expected. Although not mandatory, knowledge of operating systems internals will be helpful. For those new to this field, the book covers all the necessary concepts.


Svetlana Ostrovskaya is a Principal DFIR Consultant at Group-IB, one of the global leaders in preventing and investigating high-tech crimes and online fraud. Besides active involvement in incident response engagements, Svetlana has extensive training experience in various regions, including Russia, CIS, MEA, Europe, APAC. She has co-authored articles on information security and computer forensics, as well as a number of training programs, including Windows Memory Forensics, Linux Forensics, Advanced Windows Forensic Investigations, and Windows Incident Response and Threat Hunting. Oleg Skulkin is the Head of Digital Forensics and Malware Analysis Laboratory at Group-IB. Oleg has worked in the fields of digital forensics, incident response, and cyber threat intelligence and research for over a decade, fueling his passion for uncovering new techniques used by hidden adversaries. Oleg has authored and co-authored multiple blog posts, papers, and books on related topics and holds GCFA and GCTI certifications.


Table of Contents

  1. Why Memory Forensics?
  2. Acquisition Process
  3. Windows Memory Acquisition
  4. Reconstructing User Activity with Windows Memory Forensics
  5. Malware Detection and Analysis with Windows Memory Forensics
  6. Alternative Sources of Volatile Memory
  7. Linux Memory Acquisition
  8. User Activity Reconstruction
  9. Malicious Activity Detection
  10. MacOS Memory Acquisition
  11. Malware Detection and Analysis with macOS Memory Forensics