Book Description
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Memory forensics provides cutting-edge technology to help investigate digital attacks
Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best-selling Malware Analyst’s Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought-after skill in the digital forensics and incident response fields.
Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five-day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:
- How volatile memory analysis improves digital investigations
- Proper investigative steps for detecting stealth malware and advanced threats
- How to use free, open source tools for conducting thorough memory forensics
- Ways to acquire memory from suspect systems in a forensically sound manner
The next era of malware and security breaches is more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32- and 64-bit editions.
Table of Contents
Part I: An Introduction to Memory Forensics
Chapter 1: Systems Overview
Chapter 2: Data Structures
Chapter 3: The Volatility Framework
Chapter 4: Memory Acquisition
Part II: Windows Memory Forensics
Chapter 5: Windows Objects and Pool Allocations
Chapter 6: Processes, Handles, and Tokens
Chapter 7: Process Memory Internals
Chapter 8: Hunting Malware in Process Memory
Chapter 9: Event Logs
Chapter 10: Registry in Memory
Chapter 11: Networking
Chapter 12: Windows Services
Chapter 13: Kernel Forensics and Rootkits
Chapter 14: Windows GUI Subsystem, Part I
Chapter 15: Windows GUI Subsystem, Part II
Chapter 16: Disk Artifacts in Memory
Chapter 17: Event Reconstruction
Chapter 18: Timelining
Part III: Linux Memory Forensics
Chapter 19: Linux Memory Acquisition
Chapter 20: Linux Operating System
Chapter 21: Processes and Process Memory
Chapter 22: Networking Artifacts
Chapter 23: Kernel Memory Artifacts
Chapter 24: File Systems in Memory
Chapter 25: Userland Rootkits
Chapter 26: Kernel Mode Rootkits
Chapter 27: Case Study: Phalanx2
Part IV: Mac Memory Forensics
Chapter 28: Mac Acquisition and Internals
Chapter 29: Mac Memory Overview
Chapter 30: Malicious Code and Rootkits
Chapter 31: Tracking User Activity