Table of Contents

Why Memory Forensics?

Acquisition Process

Windows Memory Acquisition

Reconstructing User Activity with Windows Memory Forensics

Malware Detection and Analysis with Windows Memory Forensics

Alternative Sources of Volatile Memory

Linux Memory Acquisition

User Activity Reconstruction

Malicious Activity Detection

MacOS Memory Acquisition

Malware Detection and Analysis with macOS Memory Forensics

About the Author

Svetlana Ostrovskaya is a Principal DFIR Consultant at Group-IB, one of the global leaders in preventing and investigating high-tech crimes and online fraud. Besides active involvement in incident response engagements, Svetlana has extensive training experience in various regions, including Russia, CIS, MEA, Europe, APAC. She has co-authored articles on information security and computer forensics, as well as a number of training programs, including Windows Memory Forensics, Linux Forensics, Advanced Windows Forensic Investigations, and Windows Incident Response and Threat Hunting.
Oleg Skulkin is the Head of Digital Forensics and Malware Analysis Laboratory at Group-IB. Oleg has worked in the fields of digital forensics, incident response, and cyber threat intelligence and research for over a decade, fueling his passion for uncovering new techniques used by hidden adversaries. Oleg has authored and co-authored multiple blog posts, papers, and books on related topics and holds GCFA and GCTI certifications.