by Michael Hale Ligh, Andrew Case, Jamie Levy & AAron Walters
The
Art of Memory Forensics
This book is written by four of the core Volatility developers, Michael Hale Ligh, Andrew Case, Jamie Levy, and AAron Walters, who collaborated to design the most advanced memory analysis framework and we’re excited to be collaborating on a book.
The content for the book is based on our Windows Malware and Memory Forensics Training course, which has been taken by thousands of students. As an added bonus, the book also covers Linux and Mac memory forensics. You can view an extended Table of Contents (PDF) online here.
Supplemental Materials
DOWNLOads
The book’s supplementary materials are freely available to everyone. You don’t need to buy the book before you access them.
-
Lab questions (size: 45 KB)
-
Lab answer sheet (size: 125 KB)
-
All supporting evidence files (size: 144 KB)
-
Your license to the above media (also see CC-BY-NC-SA.txt)
All memory images: To prevent excessive bandwidth from robots and web scrapers, we kindly ask that you request a download link by emailing voltraining@memoryanalysis.net or contacting us through our contact page.
ERRATA
Although we try our best to avoid errors, a book of this size is bound to have a few. Please check the errata page for details. Many thanks to our readers for pointing out typos, technical inaccuracies, or points that may be confusing.