Just some thoughts about memory, Forensics and Volatility!

Second ‘episode’ of my “Little Handbook” series.

After the publication of “The Little Handbook of Windows Forensics”, many readers asked me for more information about the analysis of volatile memory. In fact, this topic is not covered in depth in my first book.

So, I decided to gather all my notes on this topic and collect them in a new book.

This handbook is therefore dedicated to a deep dive into Microsoft Windows memory, starting with a brief description of memory management, moving on to an extended reference for the Volatility Framework, and ending with a list of acquisition and analysis workflows.


Table of contents

  1. Some thoughts about Windows memory
  2. The Volatility Framework
     2.1 Image Identification
     2.2 Kernel Memory and Objects
     2.3 Processes and DLLs
     2.4 Process Memory
     2.5 Networking
     2.7 Windows Registry
     2.8 Analyze and convert crash dumps and hibernation files
  3. Memory Analysis Workflows
     3.1 Memory acquisition on a physical system
     3.2 Memory acquisition from a Virtual Machine
     3.3 Memory extraction from hibernation files
     3.4 Extract forensic artifacts from pagefile.sys
     3.5 Find malware in memory dumps
     3.6 Timeline creation

How to buy

On Amazon, as usual!

Paperback

Length: 154 pages
Language: English
ISBN-10: 1798027402
ISBN-13: 978-1798027400
Product Dimensions: 6 x 0.4 x 9 inches
Shipping Weight: 10.2 ounces

$19.99 - Buy on Amazon

Kindle

File Size: 5340 KB
Print Length: 279 pages
Language: English
ASIN: B07P7R5VDW

$7.99 - Buy on Amazon