Sophisticated discovery and analysis for the next wave of digital attacks

The Art of Memory Forensics, a follow-up to the bestselling Malware Analyst’s Cookbook, is a practical guide to the rapidly emerging investigative technique for digital forensics, incident response, and law enforcement. Memory forensics has become a must-have skill for combating the next era of advanced malware, targeted attacks, security breaches, and online crime. As breaches and attacks become more sophisticated, analyzing volatile memory becomes ever more critical to the investigative process. This book provides a comprehensive guide to performing memory forensics for Windows, Linux, and Mac systems, including x64 architectures. Based on the authors’ popular training course, coverage includes memory acquisition, rootkits, tracking user activity, and more, plus case studies that illustrate the real-world application of the techniques presented. Bonus materials include industry-applicable exercises, sample memory dumps, and cutting-edge memory forensics software.
Memory forensics is the art of analyzing RAM to solve digital crimes. Conventional incident response often overlooks volatile memory, which contains crucial information that can prove or disprove the system’s involvement in a crime, and can even destroy it completely. By implementing memory forensics techniques, analysts are able to preserve memory resident artifacts which often provides a more efficient strategy for investigating modern threats.
In The Art of Memory Forensics, the Volatility Project’s team of experts provides functional guidance and practical advice that helps readers to:
• Acquire memory from suspect systems in a forensically sound manner
• Learn best practices for Windows, Linux, and Mac memory forensics
• Discover how volatile memory analysis improves digital investigations
• Delineate the proper investigative steps for detecting stealth malware and advanced threats
• Use free, open source tools to conduct thorough memory forensics investigations
• Generate timelines, track user activity, find hidden artifacts, and more

The companion website provides exercises for each chapter, plus data that can be used to test the various memory analysis techniques in the book. Visit our website at www.wiley.com/go/memoryforensics.

针对下一波数字攻击的精密发现和分析

内存取证的艺术》是畅销书《恶意软件分析师食谱》的后续作品，是数字取证、事件响应和执法方面迅速崛起的调查技术的实用指南。内存取证已经成为打击下一个时代的高级恶意软件、定向攻击、安全漏洞和在线犯罪的必备技能。随着漏洞和攻击变得越来越复杂，分析易失性内存对调查过程变得越来越关键。本书为Windows、Linux和Mac系统（包括x64架构）进行内存取证提供了全面指导。基于作者广受欢迎的培训课程，内容包括内存获取、rootkits、跟踪用户活动等，以及说明所介绍技术的实际应用的案例研究。奖励材料包括行业适用的练习、内存转储样本和前沿的内存取证软件。

内存取证是分析RAM以解决数字犯罪的艺术。传统的事件响应往往忽略了易失性内存，它包含了可以证明或反驳系统参与犯罪的关键信息，甚至可以完全摧毁它。通过实施内存取证技术，分析人员能够保留内存驻留工件，这往往为调查现代威胁提供了更有效的策略。

在《内存取证的艺术》中，波动性项目的专家团队提供了功能指导和实用建议，帮助读者

- 以可靠的取证方式从可疑系统中获取内存

- 学习Windows、Linux和Mac内存取证的最佳做法

- 发现易失性内存分析如何改进数字调查

- 阐述检测隐性恶意软件和高级威胁的正确调查步骤

- 使用免费的开源工具来进行彻底的内存取证调查

- 生成时间线，跟踪用户活动，找到隐藏的人工制品，以及更多。

配套网站提供了每一章的练习，以及可用于测试书中各种内存分析技术的数据。请访问我们的网站：www.wiley.com/go/memoryforensics。