The Art of Memory Forensics (English PDF, no watermark)

Required points/C-coins: 14 | Uploaded 2017-09-25 01:06:20 | 7.3MB | PDF

English PDF of The Art of Memory Forensics, without watermark. Every page of the PDF was tested and opens in both Foxit Reader and PDF-XChange Viewer. This resource is reposted from the internet; if it infringes any rights, please contact the uploader or CSDN to have it removed.
Praise for The Art of Memory Forensics

"The best, most complete technical book I have read in years."
Jack Crook, Incident Handler

"The authoritative guide to memory forensics."
Bruce Dang, Microsoft

"An in-depth guide to memory forensics from the pioneers of the field."
Brian Carrier, Basis Technology

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Michael Hale Ligh, Andrew Case, Jamie Levy, AAron Walters
Wiley

Published by John Wiley & Sons, Inc., 10475 Crosspoint Boulevard, Indianapolis, IN 46256
Copyright 2014 by John Wiley & Sons, Inc., Indianapolis, Indiana
Published simultaneously in Canada
ISBN: 978-1-118-82509-9
ISBN: 978-1-118-82504-4 (ebk)
ISBN: 978-1-118-82499-3 (ebk)
Manufactured in the United States of America
10 9 8 7 6 5 4 3 2 1

No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services, please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993, or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2014935751

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Dedications

To my three best friends: Suzanne, Ellis, and Miki. If I could take back the time it took to write this book, I'd spend every minute with you. Looking forward to our new house.
Michael Hale Ligh

I would like to thank my wife, Jennifer, for her patience during my many sleepless nights and long road trips. I would also like to thank my friends and family, both in the physical and digital world, who have helped me get to where I am today.
Andrew Case

To my family, who made me the person I am today, and especially to my husband, Tomer, the love of my life, without whose support I wouldn't be here.
Jamie Levy

To my family for their unconditional support; to my wife, Robyn, for her love and understanding; and to Addisyn and Declan for reminding me what is truly important and creating the only memories that matter.
AAron Walters

Credits

Executive Editor: Carol Long
Project Editor: T-Squared Document Services
Technical Editors: Golden G. Richard III, Nick L. Petroni, Jr.
Production Editor: Christine Mugnolo
Copy Editor: Nancy Sixsmith
Manager of Content Development and Assembly: Mary Beth Wakefield
Director of Community Marketing: David Mayhew
Marketing Manager: Dave Allen
Business Manager: Amy Knies
Vice President and Executive Group Publisher: Richard Swadley
Associate Publisher: Jim Minatel
Project Coordinator, Cover: Patrick Redmond
Compositor: Maureen Forys, Happenstance Type-O-Rama
Proofreaders: Jennifer Bennett, Josh Chase
Indexer: Johnna VanHoose Dinse
Cover Designer: Wiley
Cover Image: ©iStock.com/raycat

About the Authors

Michael Hale Ligh (@iMHLv2) is author of Malware Analyst's Cookbook and secretary/treasurer of the Volatility Foundation. As both a developer and reverse engineer, his focus is malware cryptography, memory forensics, and automated analysis. He has taught advanced malware and memory forensics courses to students around the world.

Andrew Case (@attrc) is a digital forensics researcher for the Volatility Project responsible for projects related to memory, disk, and network forensics. He is the co-developer of Registry Decoder (a National Institute of Justice-funded forensics application) and was voted Digital Forensics Examiner of the Year in 2013. He has presented original memory forensics research at Black Hat, RSA, and many others.

Jamie Levy (@gleeda) is a senior researcher and developer with the Volatility Project. Jamie has taught classes in computer forensics at Queens College and John Jay College. She is an avid contributor to the open-source computer forensics community, and has authored peer-reviewed conference publications and presented at numerous conferences on the topics of memory, network, and malware forensics analysis.

AAron Walters (@4tphi) is founder and lead developer of the Volatility Project, president of the Volatility Foundation, and chair of the Open Memory Forensics Workshop. AAron's research led to groundbreaking developments that helped shape how digital investigators analyze RAM. He has published peer-reviewed papers in IEEE and Digital Investigation journals, and presented at Black Hat, DoD Cyber Crime Conference, and American Academy of Forensic Sciences.

About the Technical Editors

Golden G. Richard III (@nolaforensix) is currently Professor of Computer Science and Director of the Greater New Orleans Center for Information Assurance at the University of New Orleans. He also owns Arcane Alloy, LLC, a private digital forensics and computer security company.

Nick L. Petroni, Jr., Ph.D., is a computer security researcher in the Washington, DC metro area. He has more than a decade of experience working on problems related to low-level systems security and memory forensics.

Acknowledgments

We would like to thank the memory forensics community at large: those who spend their weekends, nights, and holidays conducting research and creating free, open-source code for practitioners. This includes developers and users, both past and present, that have contributed unique ideas, plugins, and bug fixes to the Volatility framework. Specifically, for their help on this book, we want to recognize the following:

- Dr. Nick L. Petroni, Jr. for his invaluable comments during the book review process and whose innovative research inspired the creation of Volatility
- Dr. Golden G. Richard III for his expertise and commitment as technical editor
- Mike Auty for his endless hours helping to maintain and shepherd the Volatility source code repository
- Bruce Dang and Brian Carrier for taking time out of their busy schedules to review our book
- Brendan Dolan-Gavitt for his numerous contributions to Volatility and the memory forensics field that were highlighted in the book
- George M. Garner, Jr. (GMG Systems, Inc.) for his insight and guidance in the memory acquisition realm
- Matthieu Suiche (MoonSols) for reviewing the Windows Memory Toolkit section and for his advancements in Mac OS X and Windows hibernation analysis
- Matt Shannon (Agile Risk Management) for his review of the F-Response section of the book
- Jack Crook for reviewing our book and for providing realistic forensics challenges that involve memory samples and allowing people to use them to become better analysts
- Wyatt Roersma for providing memory samples from a range of diverse systems and for helping us test and debug issues
- Andreas Schuster for discussions and ideas that helped shape many of the memory forensics topics and techniques
- Robert Ghilduta, Lodovico Marziale, Joe Sylve, and Cris Neckar for their review of the Linux chapters and research discussions of the Linux kernel
- Cem Gurkok for his Volatility plugins and research into Mac OS X
- Dionysus Blazakis, Andrew F. Hay, Alex Radocea, and Pedro Vilaça for their help with the Mac OS X chapters, including providing memory captures, malware samples, research notes, and chapter reviews

We also want to thank Maureen Tullis (T-Squared Document Services), Carol Long, and the various teams at Wiley that helped us through the authoring and publishing process.
