Memory Forensics


Memory forensics, or memory analysis, is the forensic analysis of a computer's volatile memory (RAM). Memory forensics provides insights into network connections, executed files or commands, and runtime system activity. Any program must first be loaded into memory before it can execute, which makes memory a critical source of evidence for forensic analysts identifying attacks [1].

Selected Syllabi

  • Memory Forensics, CFRS 780 – 001 - Spring 2016; George Mason University [link]
  • CSCI 597 – Digital Forensics Texas A&M University Commerce [link]
  • COMP 8990 - Advanced Digital Forensics, MISSISSIPPI STATE UNIVERSITY [link]
  • NETW236 - Computer Forensics and Investigation, Brookdale Community College [link]

Tools

Below are some of the popular tools used in memory forensics:

Learning Resources

YouTube Videos

  • Introduction to Memory Forensics [Playlist]: link
  • Investigating Malware Using Memory Forensics - A Practical Approach [Black Hat]: link
  • SANS Memory Forensics [playlists]: Windows   Linux

Books

  • The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory; Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters
  • Digital Forensics; André Årnes
  • Computer Forensics with FTK; Fernando Carbone
  • Practical Malware Analysis: The Hands-On Guide to Dissecting Malicious Software; Andrew Honig and Michael Sikorski

Online Courses

  • Coursera Penetration Testing, Incident Response and Forensics: [link]
  • SANS FOR526: Advanced Memory Forensics & Threat Detection:  [link]
  • Volatility Labs, Memory and Malware Forensics: [link]
  • InfoSec Memory Forensics [link]

References

[1] All You Need to Know About Memory Forensics – Identifying Potential Volatile Data