Practical Memory Forensics: Jumpstart effective forensic analysis of volatile memory
Tentative Chinese title: 實用記憶體取證:快速啟動有效的揮發性記憶體取證分析

Svetlana Ostrovskaya, Oleg Skulkin

  • Publisher: Packt Publishing
  • Publication date: 2022-03-17
  • Price: $1,600
  • VIP price: $1,520 (9.5 折, i.e. 95% of list price)
  • Language: English
  • Pages: 304
  • Binding: Quality Paper - also called trade paper
  • ISBN: 1801070334
  • ISBN-13: 9781801070331
  • Ships immediately (stock = 1)

Product description

Key Features

  • Explore memory forensics, one of the vital branches of digital investigation
  • Learn the art of user activities reconstruction and malware detection using volatile memory
  • Get acquainted with a range of open-source tools and techniques for memory forensics

Book Description

Memory forensics is a powerful analysis technique that can be used in different areas, from incident response to malware analysis. With memory forensics, you can not only gain key insights into the user's context but also look for unique traces of malware and, in some cases, piece together the puzzle of a sophisticated targeted attack.

Starting with an introduction to memory forensics, this book will gradually take you through more modern concepts of hunting and investigating advanced malware using free tools and memory analysis frameworks. This book takes a practical approach and uses memory images from real incidents to help you gain a better understanding of the subject and develop the skills required to investigate and respond to malware-related incidents and complex targeted attacks. You'll cover Windows, Linux, and macOS internals and explore techniques and tools to detect, investigate, and hunt threats using memory forensics. Equipped with this knowledge, you'll be able to create and analyze memory dumps on your own, examine user activity, detect traces of fileless and memory-based malware, and reconstruct the actions taken by threat actors.

By the end of this book, you'll be well-versed in memory forensics and have gained hands-on experience of using various tools associated with it.

What you will learn

  • Understand the fundamental concepts of memory organization
  • Discover how to perform a forensic investigation of random access memory
  • Create full memory dumps as well as dumps of individual processes in Windows, Linux, and macOS
  • Analyze hibernation files, swap files, and crash dumps
  • Apply various methods to analyze user activities
  • Use multiple approaches to search for traces of malicious activity
  • Reconstruct threat actor tactics and techniques using random access memory analysis

Who this book is for

This book is for incident responders, digital forensic specialists, cybersecurity analysts, system administrators, malware analysts, students, and curious security professionals new to this field and interested in learning memory forensics. A basic understanding of malware and how it works is expected. Although not mandatory, knowledge of operating system internals will be helpful. For those new to this field, the book covers all the necessary concepts.

About the authors

Svetlana Ostrovskaya is a Principal DFIR Consultant at Group-IB, one of the global leaders in preventing and investigating high-tech crimes and online fraud. Besides active involvement in incident response engagements, Svetlana has extensive training experience in various regions, including Russia, the CIS, MEA, Europe, and APAC. She has co-authored articles on information security and computer forensics, as well as a number of training programs, including Windows Memory Forensics, Linux Forensics, Advanced Windows Forensic Investigations, and Windows Incident Response and Threat Hunting. Oleg Skulkin is the Head of the Digital Forensics and Malware Analysis Laboratory at Group-IB. Oleg has worked in the fields of digital forensics, incident response, and cyber threat intelligence and research for over a decade, fueling his passion for uncovering new techniques used by hidden adversaries. Oleg has authored and co-authored multiple blog posts, papers, and books on related topics and holds GCFA and GCTI certifications.

Table of Contents

  1. Why Memory Forensics?
  2. Acquisition Process
  3. Windows Memory Acquisition
  4. Reconstructing User Activity with Windows Memory Forensics
  5. Malware Detection and Analysis with Windows Memory Forensics
  6. Alternative Sources of Volatile Memory
  7. Linux Memory Acquisition
  8. User Activity Reconstruction
  9. Malicious Activity Detection
  10. MacOS Memory Acquisition
  11. Malware Detection and Analysis with macOS Memory Forensics
