Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Practical Memory Forensics

You're reading from   Practical Memory Forensics Jumpstart effective forensic analysis of volatile memory

Arrow left icon
Product type Paperback
Published in Mar 2022
Publisher Packt
ISBN-13 9781801070331
Length 304 pages
Edition 1st Edition
Tools
Concepts
Arrow right icon
Authors (2):
Arrow left icon
Oleg Skulkin Oleg Skulkin
Author Profile Icon Oleg Skulkin
Oleg Skulkin
Svetlana Ostrovskaya Svetlana Ostrovskaya
Author Profile Icon Svetlana Ostrovskaya
Svetlana Ostrovskaya
Arrow right icon
View More author details
Toc

Table of Contents (17) Chapters Close

Preface 1. Section 1: Basics of Memory Forensics
2. Chapter 1: Why Memory Forensics? FREE CHAPTER 3. Chapter 2: Acquisition Process 4. Section 2: Windows Forensic Analysis
5. Chapter 3: Windows Memory Acquisition 6. Chapter 4: Reconstructing User Activity with Windows Memory Forensics 7. Chapter 5: Malware Detection and Analysis with Windows Memory Forensics 8. Chapter 6: Alternative Sources of Volatile Memory 9. Section 3: Linux Forensic Analysis
10. Chapter 7: Linux Memory Acquisition 11. Chapter 8: User Activity Reconstruction 12. Chapter 9: Malicious Activity Detection 13. Section 4: macOS Forensic Analysis
14. Chapter 10: MacOS Memory Acquisition 15. Chapter 11: Malware Detection and Analysis with macOS Memory Forensics 16. Other Books You May Enjoy

What this book covers

Chapter 1, Why Memory Forensics?, explains why memory forensics is a vital part of many digital forensic examinations nowadays based on real-world examples, describing the main goals and investigation techniques used by DFIR specialists as well as discussing daily challenges they face.

Chapter 2, Acquisition Process, familiarizes you with the basic techniques and tools used for memory acquisition, and the possible issues associated with this process. In addition, you will have the opportunity to compare live memory analysis with that of memory dumps by examining the pros and cons.

Chapter 3, Windows Memory Acquisition, discusses Windows memory acquisition tools along with their approach to memory work. Some suggestions for choosing the right tool will be discussed as well as comprehensive examples.

Chapter 4, Reconstructing User Activity with Windows Memory Forensics, looks at reconstructing user activity, which is essential for many cases since it gives a better understanding of what is going on. This chapter provides some insights into user action recovery techniques based not only on running processes and network connections but also on the analysis of the Windows registry and file system in memory.

Chapter 5, Malware Detection and Analysis with Windows Memory Forensics, tackles how modern malware tends to leave as few traces as possible on the disk, which is why memory analysis is becoming a critical element of forensic investigation. In this chapter, we will explain how to search for traces of malicious software in process memory as well as in the Windows Registry, event logs, and file system artifacts in memory.

Chapter 6, Alternative Sources of Volatile Memory, addresses the fact that, sometimes, it is impossible to create a memory dump for analysis, however, there is always a chance of finding some volatile memory on disk. This chapter introduces alternative sources of volatile data in Windows along with the tools and techniques for their analysis.

Chapter 7, Linux Memory Acquisition, shows the core differences between Windows and Linux memory acquisition. Tools for Linux memory acquisition will be proposed along with their configuration and use cases.

Chapter 8, User Activity Reconstruction, looks at how reconstructing user activity in Linux-based systems is a bit different from that in Windows. This chapter will give you several tricks for how to track user activity with Linux memory dumps.

Chapter 9, Malicious Activity Detection, focuses on the techniques needed to search for malicious activity in Linux-based systems and analyze it.

Chapter 10, MacOS Memory Acquisition, relates to the acquisition process, focusing on macOS memory acquisition tools and their use, so you will be able to create memory dumps from all popular operating systems.

Chapter 11, Malware Detection and Analysis with macOS Memory Forensics, looks at techniques that allow us to get the data we need to track user actions and detect and analyze malicious activity in macOS memory.

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image