Forensic Analysis of Computer Memory
Published byO'Reilly Media, Inc.
What is this learning path about, and why is it important?
Our connected world today generates unimaginable volumes of data, and sometimes that information can be the key to helping law enforcement and corporate investigators solve crimes or reveal intrusions by hackers into a network. Memory analysis is important for incident responders and cases for which there is essential evidence that could be lost when a system is powered off. Fortunately, there are a number of tools we can use to help with memory analysis.
In this learning path, entry- to intermediate-level IT professionals, as well as law enforcement personnel can learn to use tools like Volatility and Rekall to acquire memory images from Windows, Linux, and macOS systems and examine them for signs of malware and other abnormalities. You’ll see the techniques needed to conduct digital forensic work, such as identifying running processes and more.
What you’ll learn—and how you can apply it
- How to acquire memory images on Windows, Linux, and macOS systems
- Identify running processes from captured memory images
- Pinpoint malware indicators from captured memory images
- Use Volatility and Rekall to analyze memory images
This learning path is for you because…
- Basic operating system knowledge
Materials or downloads needed in advance:
- Most of the work will be done in Kali Linux, so it’s a good idea to have this in place beforehand