The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

Top reviews from the United States


Reviewed in the United States on September 18, 2014

At this writing (Fall 2014) the Wiley instructor companion website is not up to Wiley standards (yet). I wanted to test the code for this review, but the code section on the site only defaults to the Creative Commons license (both the code and license links). Same with all the chapters: they only display Commons, a strawman syllabus and an intro letter. The only resource that is already up is the PowerPoint presentation, and at over 100 pages it is simply OUTSTANDING, which whets the appetite even more for the rest of the outlines, solutions, code, and much more.

So, Wiley, get with it! If you are considering buying this, add your vote in comments and Wiley might listen. I’ll update this once we get the code, both with the quality of the code and where it can be used. Going over the license so far, it is quite generous, much like GNU with an attribution link, although of course more robust beyond teaching (e.g. commercial) if you do get permission. The text itself has wonderful, up-to-date sploit and software info, patches, etc., but the site, for a book this costly, needs to be completed. I’m not recommending you pass on this because of it, but we won’t be getting the full value for our purchase, nor will our students, until the site is completed.

REVIEW UPDATE: SEE MICHAEL’S COMMENT ATTACHED TO THIS REVIEW. Although Amazon’s automated system generally removes links, the comment gives complete and up-to-date online resources for this book, as the publisher’s link is incomplete and will not be updated. The publisher promotion of online evidence samples, code, etc. is not wrong or deceptive; it is just on GitHub rather than the publisher’s site as indicated. PLEASE VIEW THE COMMENT AND VISIT THE SITES INDICATED IN THE COMMENT BEFORE LEAVING A NEGATIVE REVIEW: the resources ARE there, just not where advertised. Also, see Michael’s other best seller: Malware Analyst’s Cookbook and DVD: Tools and Techniques for Fighting Malicious Code.

If you are price conscious, notice that in addition to the generous web resources in the comment (including open source/ freeware), the book is over 900 pages long, and PACKED with practical, use-it-now reference and learning tools. I’ve already visited the samples, and they are awesome, especially given that they cover the most frequent o/s permutations. Both Windows and Linux give the exact traces indicated, these authors are the real thing.

16 people found this helpful



Reviewed in the United States on November 14, 2014

This book is one of the best books I have read in recent years. This is a book for anyone in the field of Incident Response, Malware Analysis, Reverse Engineering and Digital Forensics. This book is written by the core developers of Volatility and pioneers in the field of memory forensics. The book is very well structured: it covers the internals of the operating system and then the authors explain how the structures are used by the plugins; the authors also show how these plugins can be run against the memory images with real case examples to identify forensic artifacts. In many cases the authors show how to access the operating system structures programmatically using volshell, which can help in writing your own plugins, and the authors also reference various external sources where you can find more information on a specific topic. The book covers many creative techniques that you can apply in the real world, and it also covers information on anti-forensics techniques and how to detect them by cross-referencing different plugins/data sources. The amount of detail explained in the book shows the knowledge and amount of research the authors have done in this field and the effort the authors have put into writing this book and the Volatility plugins. In short, after reading this book you will understand how the operating system works, how Volatility works, how malware works, how memory forensics works, how to identify malware and forensic artifacts using memory forensics, and how to write your own plugin. I have never seen any book covering this many details; this is one book for everything on memory forensics. This definitely should be the Book of the Year. If there was an option of giving this book ten stars, I would give it ten stars.

4 people found this helpful


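The cross-referencing of plugins and data sources that the review above praises is the cross-view technique at the heart of memory forensics: a process unlinked from the kernel's active-process list by direct kernel object manipulation disappears from a list walk (Volatility's pslist), but its object is still sitting in memory, so a scanner that carves objects by tag (psscan) still finds it, and the difference between the two views is the hidden process. The following is an added example, not code from the book or from the Volatility project. It builds a constructed toy memory image with an invented 32-byte record layout and a made-up "Proc" tag (standing in for a pool tag); this is not the real Windows _EPROCESS layout, and the list walk, scanner and sanity checks are simplified models of what the real plugins do.

```python
"""
Cross-view detection of a hidden (unlinked) process, as a toy model of the
pslist-versus-psscan comparison that memory-forensics tools perform.

Constructed example: the record layout, the 'Proc' tag and the image bytes
below are invented for illustration and are NOT the Windows _EPROCESS layout
or the pool-tag format that Volatility parses.
"""
import struct

IMAGE_SIZE = 0x1000
REC_SIZE = 32          # assumed record size
REC_TAG = b"Proc"      # assumed tag, stands in for a pool tag
HEAD_OFF = 0x100       # assumed location of the list head (cf. PsActiveProcessHead)
ALIGN = 8

# record layout (little-endian): tag[4] pid:u32 flink:u32 blink:u32 name[16]
REC_FMT = "<4sIII16s"


def write_record(img, off, tag, pid, flink, blink, name):
    struct.pack_into(REC_FMT, img, off, tag, pid, flink, blink,
                     name.encode().ljust(16, b"\0"))


def read_record(img, off):
    tag, pid, flink, blink, name = struct.unpack_from(REC_FMT, img, off)
    return {"off": off, "tag": tag, "pid": pid, "flink": flink, "blink": blink,
            "name": name.rstrip(b"\0").decode("ascii", "replace")}


def build_image(procs):
    """Lay out a circular doubly-linked list of process records after the head at HEAD_OFF."""
    img = bytearray(IMAGE_SIZE)
    offs = [HEAD_OFF + (i + 1) * 0x40 for i in range(len(procs))]
    # head record: tag 'Head', pid 0, links into the chain from both ends
    write_record(img, HEAD_OFF, b"Head", 0, offs[0], offs[-1], "")
    for i, (pid, name) in enumerate(procs):
        prev = HEAD_OFF if i == 0 else offs[i - 1]
        nxt = HEAD_OFF if i == len(procs) - 1 else offs[i + 1]
        write_record(img, offs[i], REC_TAG, pid, nxt, prev, name)
    # decoy: a string that happens to contain the tag, to exercise the sanity checks
    decoy = b"Procedure failed"
    img[0x800:0x800 + len(decoy)] = decoy
    return img, dict(zip([p for p, _ in procs], offs))


def unlink_process(img, off):
    """DKOM-style hiding: splice the record out of the list but leave its bytes in place."""
    rec = read_record(img, off)
    prev, nxt = read_record(img, rec["blink"]), read_record(img, rec["flink"])
    struct.pack_into("<I", img, prev["off"] + 8, rec["flink"])   # prev.flink = rec.flink
    struct.pack_into("<I", img, nxt["off"] + 12, rec["blink"])   # next.blink = rec.blink


def walk_list(img):
    """pslist analogue: follow flink pointers from the head until we return to it."""
    found, seen = {}, set()
    off = read_record(img, HEAD_OFF)["flink"]
    while off != HEAD_OFF and off not in seen:   # 'seen' guards against a corrupted loop
        seen.add(off)
        rec = read_record(img, off)
        found[rec["pid"]] = rec["name"]
        off = rec["flink"]
    return found


def looks_valid(rec):
    """Sanity checks standing in for the ones a pool scanner applies to each hit."""
    def in_image(p):
        return 0 <= p < IMAGE_SIZE - REC_SIZE and p % ALIGN == 0
    return (0 < rec["pid"] < 65536 and in_image(rec["flink"]) and in_image(rec["blink"])
            and rec["name"] != "" and rec["name"].isprintable())


def scan_records(img):
    """psscan analogue: carve records by tag at every aligned offset, ignoring the list."""
    found = {}
    for off in range(0, IMAGE_SIZE - REC_SIZE, ALIGN):
        if img[off:off + 4] != REC_TAG:
            continue
        rec = read_record(img, off)
        if looks_valid(rec):            # the 'Procedure failed' decoy fails the pid check
            found[rec["pid"]] = rec["name"]
    return found


def hidden_processes(img):
    """Cross-view: anything the scanner finds that the list walk did not is suspicious."""
    listed, scanned = walk_list(img), scan_records(img)
    return {pid: scanned[pid] for pid in scanned if pid not in listed}


if __name__ == "__main__":
    image, offsets = build_image([(4, "System"), (512, "svchost.exe"), (1337, "rootkit.exe")])
    print("before unlink:", hidden_processes(image))
    unlink_process(image, offsets[1337])
    print("pslist view :", walk_list(image))
    print("psscan view :", scan_records(image))
    print("hidden      :", hidden_processes(image))
```

The scanner's sanity checks matter as much as the tag match: carving by tag alone would report the "Procedure failed" string as a process, which is why real scanners validate pointers, sizes and fields before trusting a hit. The same diffing idea applies to any pair of views over the same objects (threads, modules, sockets), and an attacker who wants to beat it must tamper with every view consistently.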

Reviewed in the United States on February 23, 2015

I have worked in I.T. for 15 years — in Windows system administration, database administration, and utility software development. About one month ago I started reading heavily on security, and planned for 2015 a shift in career focus to that discipline. So I bought this book and began to read. This had immediate payoff just 2 days ago when I noticed an email from our security team that an IDS had detected a possible Trojan signature on one of our servers. Another analyst ran a full AV scan, and when she found nothing, the email thread dried up. Not so convinced (I had just read the fact on Mandiant’s website that “100% of victims had up-to-date AV software”), I triggered a complete memory dump on the server using LiveKD and began working on it with WinDbg commands and Volatility Framework. Within the first few hours, it certainly appeared that there was a rootkit-like presence, but with my limited security knowledge and, even though I debug a kernel dump every now and then, I don’t usually look at things like the IDT 2e entry, etc. However, 15 hours into researching my first real-life production issue, I completely narrowed down the source and contacted the security team and account management. This server would have continued to operate under the radar with the standard tools continually missing the malware’s presence and caused who knows what problems. Thanks to one of the most well-organized, well-written, and informative I.T. books I have ever read, I was able to effectively isolate this piece of malware. This book is an absolute must for anyone even employed in I.T. with responsibilities over safeguarding company networks and infrastructure, and (unfortunately) these days, should probably be employed by anyone at all that plugs in an Ethernet cable or attaches to Wi-Fi! Outstanding material — thanks very much.

67 people found this helpful



Top reviews from other countries

5.0 out of 5 stars

Good book

Reviewed in India on August 9, 2022

5.0 out of 5 stars

Very good book

Reviewed in France on August 30, 2021

A very good book, but to fully appreciate it you will still need a solid technical background.

5.0 out of 5 stars

Best book

Reviewed in Italy on August 18, 2021

beautiful book, the best!

5.0 out of 5 stars

Essential for those conducting memory analysis.

Reviewed in the United Kingdom on November 14, 2015

The Art of Memory Forensics is the equivalent of the bible in memory forensics terms. It is a must have if you are actively involved in computer forensic investigations, whether in the private or public sector. Do not be intimidated by the size of the book: it is very well laid out, easy to understand and contains a treasure trove of information concerning the examination of memory. The main tool used is Volatility, which this book explains in detail, showing how to use and leverage it in investigations to get the most evidence.

One person found this helpful



5.0 out of 5 stars

Excellent point of reference

Reviewed in Italy on January 21, 2021

The book presents itself well, very detailed in the various processes, and the explanations are very technical.


September 15, 2015
Books

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

English | 2014 | ISBN: 978-1118825099 | 912 Pages | PDF | 10 MB

Memory forensics provides cutting-edge technology to help investigate digital attacks.

Memory forensics is the art of analyzing computer memory (RAM) to solve digital crimes. As a follow-up to the best seller Malware Analyst’s Cookbook, experts in the fields of malware, security, and digital forensics bring you a step-by-step guide to memory forensics, now the most sought-after skill in the digital forensics and incident response fields.

Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory is based on a five-day training course that the authors have presented to hundreds of students. It is the only book on the market that focuses exclusively on memory forensics and how to deploy such techniques properly. Discover memory forensics techniques:

  • How volatile memory analysis improves digital investigations
  • Proper investigative steps for detecting stealth malware and advanced threats
  • How to use free, open source tools for conducting thorough memory forensics
  • Ways to acquire memory from suspect systems in a forensically sound manner

The next era of malware and security breaches is more sophisticated and targeted, and the volatile memory of a computer is often overlooked or destroyed as part of the incident response process. The Art of Memory Forensics explains the latest technological innovations in digital forensics to help bridge this gap. It covers the most popular and recently released versions of Windows, Linux, and Mac, including both the 32- and 64-bit editions.




    Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters, "The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory", 1st Edition, Wiley, 2014

    Introduction

    In this blog post, I will be reviewing the comprehensive guide to memory forensics across multiple operating systems, "The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory" by Michael Hale Ligh, Andrew Case, Jamie Levy, and AAron Walters. The book offers an in-depth exploration of memory forensics, covering a wide range of topics from the fundamentals of memory acquisition to advanced techniques for identifying and analyzing malware and other threats in memory. The book is structured into four main parts, focusing on the foundations of memory forensics, Windows memory forensics, Linux memory forensics, and Mac memory forensics. Throughout this review, I will provide an overview of the book’s content and structure, as well as share my thoughts on its strengths, weaknesses, and overall value for those interested in the field of memory forensics.

    Summary of the Book

    "The Art of Memory Forensics" is a comprehensive guide that provides a deep understanding of memory forensics across three major operating systems: Windows, Linux, and Mac. The book is organized into four main parts, each focusing on a different aspect of memory forensics. Here is a summary of the book’s content, grouped by part:

    1. Foundations of Memory Forensics: This section covers the basics of memory forensics, including systems overview, data structures, the Volatility Framework, and memory acquisition techniques.

    2. In-Depth Windows Memory Forensics: This part delves into the intricacies of Windows memory forensics, covering essential concepts and techniques from Chapters 5 to 18, such as objects, processes, registry analysis, networking artifacts, kernel forensics, and rootkits.

    3. Comprehensive Linux Memory Forensics: This section explores Linux memory forensics, focusing on key topics and methodologies from Chapters 19 to 27, including Linux memory acquisition, processes, networking artifacts, kernel memory artifacts, file systems in memory, and userland and kernel mode rootkits.

    4. Exploring Mac Memory Forensics: This part examines Mac memory forensics, covering the core concepts from Chapters 28 to 31, such as Mac acquisition, internals, memory overview, malicious code and rootkits, and tracking user activity.

    The book concludes with a comprehensive summary, highlighting the importance of memory forensics in the ever-evolving digital landscape and emphasizing the need for professionals to continually update their skills and knowledge in this critical field.

    "The Art of Memory Forensics" is a valuable resource for professionals and enthusiasts alike, offering a systematic exploration of memory forensics across multiple platforms and providing practical guidance and insights to help readers excel in this domain.

    "The Art of Memory Forensics" is an exceptional resource that consolidates the collective knowledge of the developers behind the Volatility framework. This book is highly recommended for those embarking on their memory forensics journey. However, it is crucial to acknowledge that nearly a decade has elapsed since the book’s publication. In particular, the Volatility 2 tooling discussed in the book was developed for Python 2. As of 2023, there have been notable advancements in the tools available for memory forensics. In a forthcoming post in this series, I will introduce the Volatility 3 framework, which delivers improved and expanded functionality for conducting memory forensics.
