Just some thoughts about memory, Forensics and Volatility!

Second 'episode' of my "Little Handbook" serie.

After the pubblication of "The Little Handbook of Windows Forensics", a lot of readers asked me more information about analysis of volatile memory.
In effects, this topic is not explained in-deep in my first book.

So, i decided to recover all my notes about this topic and collect them in a new book.

So, this handbook is dedicated to a deep dive on Microsoft Windows memory, starting from a brief description of memory management, moving on to an extended reference of Volatility Framework and coming to a list of acquisition and analysis workflows.

Table of contents

  1. Some thoughts about Windows memory
  2. The Volatility Framework
    2.1 Image Identification
    2.2 Kernel Memory and Objects
    2.3 Processes and DLLs
    2.4 Process Memory
    2.5 Networking
    2.7 Windows Registry
    2.8 Analyze and convert crash dumps and hibernation files
  3. Memory Analysis Workflows
    3.1 Memory acquisition on physical system
    3.2 Memory acquisition from a Virtual Machine
    3.3 Memory extraction from hibernation files
    3.4 Extract forensic artifacts from pagefile.sys
    3.5 Find malware in memory dumps
    3.6 Timeline creation

How to buy

On Amazon, as usual!


Lenght: 154 pages
Language: English
ISBN-10: 1798027402
ISBN-13: 978-1798027400
Product Dimensions: 6 x 0.4 x 9 inches
Shipping Weight: 10.2 ounces

$19.99 - Buy on Amazon


File Size: 5340 KB
Print Length: 279 pages
Language: English

$7.99 - Buy on Amazon