Main content of the book The Art of Memory Forensics
Book length: 914 pages
0+
Detecting Malware and Threats in Windows, Linux, and Mac Memory
About the book
Memory forensics provides cutting edge technology to help investigate digital attacks
Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst’s Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics—now the most sought after skill in the digital forensics and incident response fields.
Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:
- How volatile memory analysis improves digital investigations
- Proper investigative steps for detecting stealth malware and advanced threats
- How to use free, open source tools for conducting thorough memory forensics
- Ways to acquire memory from suspect systems in a forensically sound manner
The next era of malware and security breaches is more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32 and 64-bit editions.
The book The Art of Memory Forensics by Michael Hale Ligh can be read online on the site. Leave comments and reviews, and vote for the ones you like.
Age restriction: 0+
Release date on Litres: 24 September 2018
Total number of pages: 914
At this writing (Fall 2014) the Wiley instructor companion website is not up to Wiley standards (yet). I wanted to test the code for this review, but the code section on the site only defaults to the creative commons license (both the code and license links). Same with all the chapters, they only display commons, a strawman syllabus and an intro letter. The only resource that is already up is the Powerpoint presentation, and at over 100 pages it is simply OUTSTANDING, which whets the appetite even more for the rest of the outlines, solutions, code, and much more.
So, Wiley, get with it! If you are considering buying this, add your vote in comments and Wiley might listen. I’ll update this once we get the code, both with quality of the code and where it can be used. Going over the license so far, it is quite generous, much like GNU with an attribution link, although of course more robust beyond teaching (e.g. commercial) if you do get permission. The text itself has wonderful, up to date sploit and software info, patches, etc. but the site, for a book this costly, needs to be completed. I’m not recommending you pass on this because of it, but we won’t be getting the full value for our purchase, nor will our students, until the site is completed.
REVIEW UPDATE: SEE MICHAEL’S COMMENT ATTACHED TO THIS REVIEW. Although Amazon’s automated system generally removes links, the comment gives complete and up to date online resources for this book, as the publisher’s link is incomplete, and will not be updated. The publisher promotion of online evidence samples, code, etc. is not wrong or deceptive, it is just on github rather than the publisher’s site as indicated. PLEASE VIEW THE COMMENT AND VISIT THE SITES INDICATED IN THE COMMENT BEFORE LEAVING A NEGATIVE REVIEW— the resources ARE there, just not where advertised. Also, see Michael’s other best seller at: Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code.
If you are price conscious, notice that in addition to the generous web resources in the comment (including open source/ freeware), the book is over 900 pages long, and PACKED with practical, use-it-now reference and learning tools. I’ve already visited the samples, and they are awesome, especially given that they cover the most frequent o/s permutations. Both Windows and Linux give the exact traces indicated, these authors are the real thing.
SOPHISTICATED DISCOVERY AND ANALYSIS FOR THE NEXT WAVE OF DIGITAL ATTACKS
The Art of Memory Forensics, a follow-up to the bestselling Malware Analyst’s Cookbook, is a practical guide to the rapidly emerging investigative technique for digital forensics, incident response, and law enforcement. Memory forensics has become a must-have skill for combating the next era of advanced malware, targeted attacks, security breaches, and online crime. As breaches and attacks become more sophisticated, analyzing volatile memory becomes ever more critical to the investigative process. This book provides a comprehensive guide to performing memory forensics for Windows, Linux, and Mac systems, including x64 architectures. Based on the authors’ popular training course, coverage includes memory acquisition, rootkits, tracking user activity, and more, plus case studies that illustrate the real-world application of the techniques presented. Bonus materials include industry-applicable exercises, sample memory dumps, and cutting-edge memory forensics software.
Memory forensics is the art of analyzing RAM to solve digital crimes. Conventional incident response often overlooks volatile memory, which contains crucial information that can prove or disprove the system’s involvement in a crime, and can even destroy it completely. By implementing memory forensics techniques, analysts are able to preserve memory resident artifacts which often provides a more efficient strategy for investigating modern threats.
In The Art of Memory Forensics, the Volatility Project’s team of experts provides functional guidance and practical advice that helps readers to:
- Acquire memory from suspect systems in a forensically sound manner
- Learn best practices for Windows, Linux, and Mac memory forensics
- Discover how volatile memory analysis improves digital investigations
- Delineate the proper investigative steps for detecting stealth malware and advanced threats
- Use free, open source tools to conduct thorough memory forensics investigations
- Generate timelines, track user activity, find hidden artifacts, and more
The companion website provides exercises for each chapter, plus data that can be used to test the various memory analysis techniques in the book. Visit our website at www.wiley.com/go/memoryforensics.
The digital forensic discipline is vast. In terms of host-based forensics, it used to put a heavy emphasis on dead disk forensics, which sometimes sacrifices availability and takes a long time to do. Most companies nowadays are doing mostly live forensics, which means grabbing everything they can while the system is still running. However, the biggest power of doing live forensics is not disk forensics, it is memory forensics. Memory is so rich in information that professionals treat it as a gold mine when doing digital forensics and incident response (DFIR). Some areas in which memory forensics beats its disk forensics counterpart are finding network connections, command history, code injection, and other rootkit-like behaviors. Skipping the memory aspect of an investigation will only create disadvantages for DFIR professionals. Therefore, this month, I am trying to convince you to read some memory forensics-related readings by reviewing probably the most famous book in the field: The Art of Memory Forensics by Michael Hale Ligh, Andrew Case, Jamie Levy, and Aaron Walters (https://www.amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098/ref=sr_1_2?crid=ZPXLSKRYY548&keywords=the+art+of+memory+forensics&qid=1566131365&s=gateway&sprefix=the+art+of+memory+%2Caps%2C130&sr=8-2).
I personally love the book. I am still learning a lot of things in this field, and this book does not disappoint. It goes as broad and deep as you like. This book covers a bunch of artifacts you can find out of memory investigation, in great depth as well. It is also very thorough in terms of the selection of operating systems covered, as it covers Windows, Linux, and Mac. I also have to mention that this book only covers Volatility as the tool, and not other memory forensics tools such as Rekall.
Readers may be surprised when reading the first few chapters of the book. It does not jump straight to the memory analysis, but explains computers in general, so expect to read about the functions of computer parts such as the CPU and memory. Next, readers can expect some data structure knowledge in the book, which does not make sense at first. However, if you consider how Volatility works, which is by reverse engineering a lot of undocumented operating system data structures, you will appreciate their efforts putting it together into one chapter. Then, it will touch on some more operating system concepts such as internal process memory. Finally, the introduction is closed with several practical things in memory forensics such as a memdump plugin demonstration. Although lengthy and seemingly too theoretical, I appreciate their efforts explaining how those things work in relation to memory forensics.
The authors are also very thorough in explaining things, including why the Volatility team created a plugin in comparison with other existing plugins. For example, they explain how malware uses direct kernel object manipulation to circumvent the pslist plugin, and how the team created the psscan and psxview plugins to detect it. They also do not want to spoon-feed the readers with readily available plugins. Hence, they go the extra mile in explaining the data structure behind everything (e.g. network connections) in memory and showcasing the use of Python scripts in volshell. This enables ambitious readers to do their own memory research, use custom scripts to analyze something, or create their very own plugins.
Other than memory forensics, there are a lot of security-related things you can learn from reading this book. For penetration testing, you can learn a few things like modifying environment variables to achieve DLL search order hijacking-like capability. For registry forensics, you will find a lot of stuff since a good portion of the book focuses on recovering the registry out of memory. You can expect to learn a bit about shimcache, shell bags, and user assists. As for malware analysis, you will find a plethora of them since the book does not shy away from discussing techniques malware uses to manipulate the kernel.
There is not really anything bad about this book. As with any very detailed book like this, it can get dry very fast, depending on your interest level. Especially when reading about very technical things like the data structure of each memory artifact (which is explained for EVERY artifact). But of course, you can skip those things if it does not spark joy for you.
I believe I made it clear already about the audience segment for this book. Every DFIR professional needs to read this, if you want to gain advanced memory forensics skills. Malware analysts will benefit greatly from the book as well. The benefit may diminish for penetration testers because there are only a few techniques related to their jobs. As for executives, this book may not be for them, as it lacks high-level things. But if you like to gain new knowledge in memory forensics, who am I to judge?
I bought the book from a HumbleBundle deal, which makes the digital copy very cheap. However, if you missed the deal and still want to read it, I highly recommend picking up a copy (either digital or physical), due to the great content of the book. A higher cost can be justified by the knowledge you gain from reading it.