Tuesday, January 7, 2014

The Art of Memory Forensics

By now, some of you may have realized that The Art of Memory Forensics is available for pre-order on Amazon.

The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory

This book is written by 4 of the core Volatility developers - Michael Ligh (@iMHLv2), Andrew Case (@attrc), Jamie Levy (@gleeda) and AAron Walters (@4tphi). We've been collaborating for well over 6 years to design the most advanced memory analysis framework and we're excited to be collaborating on a book.

The content for the book is based on our Windows Malware and Memory Forensics Training class, which has been executed in front of hundreds of students across the US and Europe. As an added bonus, the book will also cover Linux and Mac memory forensics.

Unlike some other books, which will run you $50 for 250 pages (we call those expensive brochures), The Art of Memory Forensics will be over 700 pages. In fact, it's still possible that we may grossly exceed that and have to split it into two editions, which will royally piss off our publisher.

An electronic book will be available for Kindle initially and at some point, also on Safari Bookstore.


  1. Michael, Andrew, Jamie and AAron,

    Excellent. Doubtless, it'll be a very nice and suitable resource for Forensic Analysis. Personally, I'm sure the Volatility framework is the best memory forensic tool in the world and nothing is better than a book written by you. As I live in Sao Paulo (Brazil) and your courses, unfortunately, aren't taught here, this book will be even more valuable.
    I hope you have the necessary inspiration to write and explain everything in a clear way.
    Good luck and take care.

    Alexandre Borges (http://br.linkedin.com/in/aleborges)

  2. "In fact, it's still possible that we may grossly exceed that and have to split it into two editions, which will royally piss off our publisher."

    Piss off your publisher? Does Wiley not know how much knowledge the four of you have in your heads? I don't know what they were expecting, but I'm sure their customers would welcome Part 2. This was definitely the fastest pre-order I ever made, and I'm sure Part 2 would be the same.

    1. Hehe, "piss off the publisher" was a joke, but to be honest, changes so drastic as splitting a book into two editions can cause them quite a headache on the production side of things.

  3. Does it cover 8 and 8.1? 8.1 might have been too late?

    1. Indeed, it will cover 8, 8.1, 2012, and 2012 R2. In the off chance Microsoft releases Windows 9 during the course of our writing, I'll try to squeeze that in also ;-)