Memory Analysis


    World Class Technical Training for Digital Forensics Professionals


    This book is written by four of the core Volatility developers - Michael Ligh, Andrew Case, Jamie Levy, and AAron Walters. We've been collaborating for well over 6 years to design the most advanced memory analysis framework and we're excited to be collaborating on a book.

     

    The content for the book is based on our Windows Malware and Memory Forensics Training class, which has been taught to hundreds of students. As an added bonus, the book also covers Linux and Mac memory forensics. You can view an extended Table of Contents (PDF) online here.

     

    The Art of Memory Forensics

    Buy the Book

     

    Here is an initial list of ways you can acquire legitimate copies of the book. There are already a number of fake sites out there trying to take your money in exchange for empty zip files and backdoored PDFs. In fact, one claimed that one of the book's authors was a Bible translator from Equatorial Guinea.

     

    • Buy it from Amazon (hard copy)

    • Buy it from Amazon (Kindle edition)

    • Buy it from Wiley

    • Buy it from Google Play (ePub)

    • Buy it from Barnes & Noble

    • Buy it from O'Reilly Media (eBook)

     

    Downloads

     

    The book's supplementary materials are freely available to everyone. You don't need to buy the book before you access them. 

     

    • Volatility Framework 2.4

    • Lab questions (size: 45 KB)

    • Lab answer sheet (size: 125 KB)

    • All memory images (size: 4 GB compressed, 12 GB uncompressed)

    • All supporting evidence files (size: 144 KB)

    • Your license to the above media (also see CC-BY-NC-SA.txt)

     

    Errata

     

    Although we try our best to avoid errors, a book of this size is bound to have a few. Please check the errata page for details. Many thanks to our readers for pointing out typos, technical inaccuracies, or points that may be confusing.