The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory [Paperback]

Printed in Asia. Table of Contents: Introduction An Introduction to Memory Forensics • Systems Overview • Data Structures • The Volatility Framework • Memory Acquisition Windows Memory Forensics • Windows Objects and Pool Allocations • Processes, Handles and Tokens • Process Memory Internals • Hunting Malware in Process Memory • Event Logs • Registry in Memory • Networking • Windows Services • Kernel Forensics and Rootkits • Windows GUI Subsystem, Part I • Windows GUI Subsystem, Part II • Disk Artifacts in Memory • Event Reconstruction • Timelining Linux Memory Forensics • Linux Memory Acquisition • Linux Operating System • Processes and Process Memory • Networking Artifacts • Kernel Memory Artifacts • File Systems in Memory • User land Rootkits • Kernel Mode Rootkits • Case Study: Phalanx Mac Memory Forensics • Mac Acquisition and Internals • Mac Memory Overview • Malicious Code and Rootkits • Tracking User Activity Index