(Ebook PDF) Jumpstart effective forensic analysis of volatile memory Practical Memory Forensics 1st edition by Svetlana Ostrovskaya, Oleg Skulkin 1801079544 9781801079549 full chapters

Jumpstart effective forensic analysis of volatile memory Practical Memory Forensics 1st edition by Svetlana Ostrovskaya, Oleg Skulkin – Ebook PDF Instant Download/DeliveryISBN:  1801079544, 9781801079549 

Full download Jumpstart effective forensic analysis of volatile memory Practical Memory Forensics 1st edition after payment.

Product details:

ISBN-10 ‏ : ‎1801079544 

ISBN-13 ‏ : ‎ 9781801079549

Author :  Svetlana Ostrovskaya, Oleg Skulkin 

A practical guide to enhancing your digital investigations with cutting-edge memory forensics techniques Key Features Explore memory forensics, one of the vital branches of digital investigation Learn the art of user activities reconstruction and malware detection using volatile memory Get acquainted with a range of open-source tools and techniques for memory forensics Book Description Memory Forensics is a powerful analysis technique that can be used in different areas, from incident response to malware analysis. With memory forensics, you can not only gain key insights into the user’s context but also look for unique traces of malware, in some cases, to piece together the puzzle of a sophisticated targeted attack. 

Jumpstart effective forensic analysis of volatile memory Practical Memory Forensics 1st Table of contents:

Section 1: Basics of Memory Forensics
Chapter 1: Why Memory Forensics?
Understanding the main benefits of memory forensics
No trace is left behind
Privacy keeper
Learning about the investigation goals and methodology
The victim’s device
The suspect’s device
Discovering the challenges of memory forensics
Tools
Critical systems
Instability
Summary
Chapter 2: Acquisition Process
Introducing memory management concepts
Address space
Virtual memory
Paging
Shared memory
Stack and heap
What’s live memory analysis?
Windows
Linux and macOS
Understanding partial versus full memory acquisition
Exploring popular acquisition tools and techniques
Virtual or physical
Local or remote
How to choose
It’s time
Summary
Section 2: Windows Forensic Analysis
Chapter 3: Windows Memory Acquisition
Understanding Windows memory-acquisition issues
Preparing for Windows memory acquisition
Acquiring memory with FTK imager
Acquiring memory with WinPmem
Acquiring memory with Belkasoft RAM Capturer
Acquiring memory with Magnet RAM Capture
Summary
Chapter 4: Reconstructing User Activity with Windows Memory Forensics
Technical requirements
Analyzing launched applications
Introducing Volatility
Profile identification
Searching for active processes
Searching for finished processes
Searching for opened documents
Documents in process memory
Investigating browser history
Chrome analysis with yarascan
Firefox analysis with bulk extractor
Tor analysis with Strings
Examining communication applications
Email, email, email
Instant messengers
Recovering user passwords
Hashdump
Cachedump
Lsadump
Plaintext passwords
Detecting crypto containers
Investigating Windows Registry
Virtual registry
Installing MemProcFS
Working with Windows Registry
Summary
Chapter 5: Malware Detection and Analysis with Windows Memory Forensics
Searching for malicious processes
Process names
Detecting abnormal behavior
Analyzing command-line arguments
Command line arguments of the processes
Command history
Examining network connections
Process – initiator
IP addresses and ports
Detecting injections in process memory
Dynamic-link library injections
Portable executable injections
Process Hollowing
Process Doppelgänging
Looking for evidence of persistence
Boot or Logon Autostart Execution
Create Account
Create or Modify System Process
Scheduled task
Creating timelines
Filesystem-based timelines
Memory-based timelines
Summary
Chapter 6: Alternative Sources of Volatile Memory
Investigating hibernation files
Acquiring a hibernation file
Analyzing hiberfil.sys
Examining pagefiles and swapfiles
Acquiring pagefiles
Analyzing pagefile.sys
Analyzing crash dumps
Crash dump creation
Analyzing crash dumps
Summary
Section 3: Linux Forensic Analysis
Chapter 7: Linux Memory Acquisition
Understanding Linux memory acquisition issues
Preparing for Linux memory acquisition
Acquiring memory with LiME
Acquiring memory with AVML
Creating a Volatility profile
Summary
Chapter 8: User Activity Reconstruction
Technical requirements
Investigating launched programs
Analyzing Bash history
Searching for opened documents
Recovering the filesystem
Checking browsing history
Investigating communication applications
Looking for mounted devices
Detecting crypto containers
Summary
Chapter 9: Malicious Activity Detection
Investigating network activity
Analyzing malicious activity
Examining kernel objects
Summary
Section 4: macOS Forensic Analysis
Chapter 10: MacOS Memory Acquisition
Understanding macOS memory acquisition issues
Preparing for macOS memory acquisition
Acquiring memory with osxpmem
Creating a Volatility profile
Summary
Chapter 11: Malware Detection and Analysis with macOS Memory Forensics
Learning the peculiarities of macOS analysis with Volatility
Technical requirements
Investigating network connections
Analyzing processes and process memory
Recovering the filesystem
Obtaining user application data
Searching for malicious activity

People also search for Jumpstart effective forensic analysis of volatile memory Practical Memory Forensics 1st:

what is volatility memory forensics
    
memory analysis techniques
    
memory analysis training
    
forensic analysis of volatile memory
    
forensic memory analysis tools