top of page

The Art of Memory Forensics

This book is written by four of the core Volatility developers - Michael Ligh, Andrew Case, Jamie Levy, and AAron Walters. We've been collaborating for well over 6 years to design the most advanced memory analysis framework and we're excited to be collaborating on a book.


The content for the book is based on our Windows Malware and Memory Forensics Training class, which has been executed in front of hundreds of students. As an added bonus, the book also covers Linux and Mac memory forensics. You can view an extended Table of Contents (PDF) online here


Buy the Book


Here is an initial list of ways you can acquire legitimate copies of the book. There are already a number of fake sites out there trying to take your money in exchange for empty zip files and backdoored PDFs. In fact, one claimed one of the book's authors was a Bible translator from Equitorial Guinea. 





The book's supplementary materials are freely available to everyone. You don't need to buy the book before you access them. 




Although we try our best to avoid errors, a book of this size is bound to have a few. Please check the errata page for details. Many thanks to our readers for pointing out typos, technical inaccuracies, or points that may be confusing.

bottom of page