A practical guide to enhancing your digital investigations with
cutting-edge memory forensics techniques
Key Features:
-
Explore memory forensics, one of the vital branches of digital
investigation
-
Learn the art of user activities reconstruction and malware detection
using volatile memory
-
Get acquainted with a range of open-source tools and techniques for
memory forensics
Book Description:
Memory Forensics is a powerful analysis technique that can be used in
different areas, from incident response to malware analysis. With memory
forensics, you can not only gain key insights into the user's context
but also look for unique traces of malware, in some cases, to piece
together the puzzle of a sophisticated targeted attack.
Starting with an introduction to memory forensics, this book will
gradually take you through more modern concepts of hunting and
investigating advanced malware using free tools and memory analysis
frameworks. This book takes a practical approach and uses memory images
from real incidents to help you gain a better understanding of the
subject and develop the skills required to investigate and respond to
malware-related incidents and complex targeted attacks. You'll cover
Windows, Linux, and macOS internals and explore techniques and tools to
detect, investigate, and hunt threats using memory forensics. Equipped
with this knowledge, you'll be able to create and analyze memory dumps
on your own, examine user activity, detect traces of fileless and
memory-based malware, and reconstruct the actions taken by threat
actors.
By the end of this book, you'll be well-versed in memory forensics and
have gained hands-on experience of using various tools associated with
it.
What You Will Learn:
-
Understand the fundamental concepts of memory organization
-
Discover how to perform a forensic investigation of random access
memory
-
Create full memory dumps as well as dumps of individual processes in
Windows, Linux, and macOS
-
Analyze hibernation files, swap files, and crash dumps
-
Apply various methods to analyze user activities
-
Use multiple approaches to search for traces of malicious activity
-
Reconstruct threat actor tactics and techniques using random access
memory analysis
Who this book is for:
This book is for incident responders, digital forensic specialists,
cybersecurity analysts, system administrators, malware analysts,
students, and curious security professionals new to this field and
interested in learning memory forensics. A basic understanding of
malware and its working is expected. Although not mandatory, knowledge
of operating systems internals will be helpful. For those new to this
field, the book covers all the necessary concepts.