- Paperback: 912 pages
- Publisher: Wiley; edition: 1 (October 3, 2014)
- Language: English
- ISBN-10: 1118825098
- ISBN-13: 978-1118825099
- Dimensions and/or weight: 18.5 x 4.3 x 23.4 cm
The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory (English) Paperback – October 3, 2014
SOPHISTICATED DISCOVERY AND ANALYSIS FOR THE NEXT WAVE OF DIGITAL ATTACKS
The Art of Memory Forensics, a follow-up to the bestselling Malware Analyst's Cookbook, is a practical guide to the rapidly emerging investigative technique for digital forensics, incident response, and law enforcement. Memory forensics has become a must-have skill for combating the next era of advanced malware, targeted attacks, security breaches, and online crime. As breaches and attacks become more sophisticated, analyzing volatile memory becomes ever more critical to the investigative process. This book provides a comprehensive guide to performing memory forensics for Windows, Linux, and Mac systems, including x64 architectures. Based on the authors' popular training course, coverage includes memory acquisition, rootkits, tracking user activity, and more, plus case studies that illustrate the real-world application of the techniques presented. Bonus materials include industry-applicable exercises, sample memory dumps, and cutting-edge memory forensics software.
Memory forensics is the art of analyzing RAM to solve digital crimes. Conventional incident response often overlooks volatile memory, which contains crucial information that can prove or disprove a system's involvement in a crime, and can even destroy that evidence completely. By applying memory forensics techniques, analysts are able to preserve memory-resident artifacts, which often provides a more efficient strategy for investigating modern threats.
In The Art of Memory Forensics, the Volatility Project's team of experts provides functional guidance and practical advice that helps readers to:
* Acquire memory from suspect systems in a forensically sound manner
* Learn best practices for Windows, Linux, and Mac memory forensics
* Discover how volatile memory analysis improves digital investigations
* Delineate the proper investigative steps for detecting stealth malware and advanced threats
* Use free, open source tools to conduct thorough memory forensics investigations
* Generate timelines, track user activity, find hidden artifacts, and more
The companion website provides exercises for each chapter, plus data that can be used to test the various memory analysis techniques in the book. Visit our website at www.wiley.com/go/memoryforensics.
About the Author and Other Contributors
Michael Hale-Ligh is author of Malware Analyst's Cookbook, Secretary/Treasurer of Volatility Foundation, and a world-class reverse engineer.
Andrew Case is a Digital Forensics Researcher specializing in memory, disk, and network forensics.
Jamie Levy is a Senior Researcher and Developer, targeting memory, network, and malware forensics analysis.
AAron Walters is founder and lead developer of the Volatility Project, President of the Volatility Foundation, and Chair of Open Memory Forensics Workshop.
Have a look at the errata, it only contains a fragment of the errors reported more than a year ago.
There are also a lot of references missing to original material, where errors in the original material are assumed to be correct and not addressed as such.
The title is misguiding in that it does little to discuss the forensic aspect of memory analysis. A more suitable title is "Volatility: The Lost Manual".
The most helpful customer reviews on Amazon.com
AOMF has over 450 pages dedicated to Windows forensic analysis. While the primary focus is memory, the authors do a fantastic job of explaining technical analysis concepts around critical areas including the Windows Registry, event logs, services, networking, timelining, kernel-level artifacts and much more.
AOMF also covers Linux and OSX, which are two OSes that are utilized more frequently and require deep-dive analysis today. The memory analysis chapters in these sections provide a solid resource for those interested in understanding more about investigating the bowels of what goes on behind the scenes with regard to unique Linux and OSX files, filesystems, processes, networking and unique userland/kernel artifacts, for starters.
Finally, AOMF serves as a verbose educational resource for both professors and students. This is the primary/sole resource I will be leveraging, using labs from and referencing as a graduate level memory forensics professor starting next month.
It's not a comprehensive handbook like Morse and Feshbach. But the current empirical field of memory forensics is not amenable to the kind of structural analysis that can be taught to graduate-level physics students. My reason for not rating it five stars is the lack of a theoretical backbone. This is not a computer science book. This is a book about the Volatility framework with application to the structure and function of computer memory. It is not a book about data structures or processes. It isn't really forensics, which is the presentation of scientific data and analysis in a court of law.
If you buy the book as a practical handbook of memory forensics, as its authors say, an "Art", you will be pleased. It is a "What do I do now that I have downloaded and typed 'python vol.py'?" I don't know of a better book,