Memory Analysis
World-Class Technical Training for Digital Forensics Professionals
The Art of Memory Forensics
This book is written by four of the core Volatility developers - Michael Ligh, Andrew Case, Jamie Levy, and AAron Walters. We've been collaborating for well over 6 years to design the most advanced memory analysis framework and we're excited to be collaborating on a book.
The content for the book is based on our Windows Malware and Memory Forensics Training class, which has been executed in front of hundreds of students. As an added bonus, the book also covers Linux and Mac memory forensics. You can view an extended Table of Contents (PDF) online here.
Buy the Book
Here is an initial list of ways you can acquire legitimate copies of the book. There are already a number of fake sites out there trying to take your money in exchange for empty zip files and backdoored PDFs. In fact, one claimed one of the book's authors was a Bible translator from Equitorial Guinea.
-
Buy it from Amazon (hard copy)
-
Buy it from Amazon (kindle edition)
-
Buy it from Google Play (ePub)
-
Buy it from O'Reilly Media (eBook)
Downloads
The book's supplementary materials are freely available to everyone. You don't need to buy the book before you access them.
-
Lab questions (size: 45 KB)
-
Lab answer sheet (size: 125 KB)
-
All supporting evidence files (size: 144 KB)
-
Your license to the above media (also see CC-BY-NC-SA.txt)
-
All memory images: To prevent excessive bandwidth from robots and web scrapers, we kindly ask that you request a download link by emailing voltraining@memoryanalysis.net or contacting us through our contact page.
Errata
Although we try our best to avoid errors, a book of this size is bound to have a few. Please check the errata page for details. Many thanks to our readers for pointing out typos, technical inaccuracies, or points that may be confusing.