#385 in Computers & technology books
Reddit mentions of The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory
Sentiment score: 7
Reddit mentions: 11
We found 11 Reddit mentions of The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory. Here are the top ones.
Specs:
Height | 9.200769 Inches |
Length | 7.299198 Inches |
Number of items | 1 |
Weight | 3.32457091096 Pounds |
Width | 1.799209 Inches |
This book covers rootkit development, not analysis, on Windows 7 and x86/IA32. It's a must-read if you're interested in rootkits.
While not yet released, it looks very promising. Over the years, Microsoft has continually introduced better protections against rootkits and malware in Windows. Among other things, the book will cover how some of the rootkits/bootkits seen in the wild have bypassed protections such as Secure Boot, kernel-mode signing, Patch Guard and Device Guard.
I'd also recommend having a look at the following books:
Also, Windows Internals for both Windows 7 and Windows 10 is a great reference to have laying around.
For reverse engineering:
For malware analysis and malware techniques
For programming
This should be enough for you to get started.
Some thoughts:
I've had people recommend the following books:
Other resources:
Books:
1. amazon.com/Rootkit-Arsenal-Escape-Evasion-Corners/dp/144962636X
2. amazon.com/Art-Memory-Forensics-Detecting-Malware/dp/1118825098
3. nostarch.com/rootkits
Blogs/Forums:
1. 0x00sec.org/
2. /r/rootkit
3. rootkitanalytics.com/
4. turbochaos.blogspot.co.uk/?m=1
5. /r/malware
6. /r/reverseengineering
7. r00tkit.me/
Aside from SANS FOR508 (the course on which the cert is based), the following helped me:
Windows Registry Forensics
Windows Forensic Analysis Toolkit 2nd ed
Windows Forensic Analysis Toolkit 4th ed
The 2nd edition covers XP, the 4th covers 7/8
Digital Forensics with Open Source Tools
File System Forensic Analysis
This is a new book, but I imagine it'll help as well:
The Art of Memory Forensics
I read many of these in preparation for taking mine, but your best resource is the SANS class/books, which is what the cert tests on. Having a good index is key.
There may be other classes out there that might help, but I have no firsthand experience with them, so I can't say what I recommend. All the above books, however, are amazing. Very much worth your time and money.
Everyone seems to be pretty on point with their responses so I'll just throw some ideas out there that you can look into to maybe find a more exciting vector:
Good luck!
There are a ton of different things you can do on the defensive side. The path here is a bit less defined because you can specialize in each of these areas without ever really touching the other ones. But I think these are the most important skills as a defender, so I'll break it up into three smaller chunks. For the most part, defender/Blue-team concepts draw from these skills. I've set up the courses in order, as some of these skills may feed into other areas.
IR:
Forensics:
Reverse Engineering (Dynamic and Static):
I know there’s not a lot of certs here, and unfortunately, that’s how it is across the blue team. Certs here are usually very vendor-specific, and not applicable to defense as a whole. Those certifications exist, but I’m not listing them here.
If people are interested, I can also do a similar write-up on Mobile Forensics and Cloud Forensics (which is my direct background).
Lastly, here are some of my favorite news sources across the InfoSec community:
News Sources
> Examples of projects I have completed: coded a basic Linux kernel from the ground up for x86 machines; working on a basic IRC botnet coded in Python; I have experience in Snort rules and have written Python scripts for log parsing. I have used Wireshark for packet sniffing etc., and have experience using IDA for disassembling code for CTFs.
Why on earth would you pursue Sec+ and CISSP if you have experience in those things?
Build a Malware Lab, dude. Check out Practical Malware Analysis and The Art of Memory Forensics. With your experience you could probably wreck those over the summer.
If you want something old school but still relevant (more Red Teamer), you could check out Hacking: The Art of Exploitation and The Shellcoder's Handbook.
Practical Malware Analysis
The Art of Memory Forensics
Hacking
Shellcoder's Handbook
Malware Analyst's Cookbook
If you're looking for practice you can use Sysinternals NotMyFault, but you have to first configure the system to produce a complete memory dump. Another option is Memoryze from FireEye (previously Mandiant), though it looks like it hasn't been updated in a while. I also recommend picking up a copy of The Art of Memory Forensics. That should be enough to get your feet wet.
Edit: I forgot to mention Lenny Zeltser's cheat sheets as well. While not specifically related to memory forensics, there is a sheet covering just about every aspect of infosec, from incident response, Volatility, reverse engineering, assembly language, and analysis report writing, to much, much more.
You're going to have a real rough go at it.
That said, 508 is largely derived from the following two sources:
Brian Carrier's File System Forensics (This book is actually given out in the course)
&
The Art of Memory Forensics by MHL, Andrew Case, Jamie Levy, and AAron Walters
That'll get you ~75% of the way there. But it's a lot of material to cover and retain without a reference source. I don't know if SANS has an official policy on what specifically you can take in with you during the test outside of your personal notes and their material.
Outside of those two books, get very familiar with The Sleuth Kit and timelining.
Honestly, this would be advice for someone taking the course just as much as it would be for someone not taking the course.