The art of memory forensics : (Record no. 995)

MARC details
000 -LEADER
fixed length control field 07691cam a22006497i 4500
001 - CONTROL NUMBER
control field 18066805
003 - CONTROL NUMBER IDENTIFIER
control field OSt
005 - DATE AND TIME OF LATEST TRANSACTION
control field 20220116125220.0
008 - FIXED-LENGTH DATA ELEMENTS--GENERAL INFORMATION
fixed length control field 140313s2014 inua 001 0 eng d
010 ## - LIBRARY OF CONGRESS CONTROL NUMBER
LC control number 2014935751
016 7# - NATIONAL BIBLIOGRAPHIC AGENCY CONTROL NUMBER
Record control number 016774654
Source Uk
020 ## - INTERNATIONAL STANDARD BOOK NUMBER
International Standard Book Number 9781118825099
Qualifying information paperback
035 ## - SYSTEM CONTROL NUMBER
System control number (OCoLC)ocn885319205
040 ## - CATALOGING SOURCE
Original cataloging agency ZNT
Transcribing agency ZNT
Description conventions rda
Modifying agency OKJ
-- YDXCP
-- BTCTA
-- BDX
-- UKMGB
-- OCLCF
-- AU@
-- KHN
-- BEDGE
-- EG-CaTKH
Language of cataloging eng
042 ## - AUTHENTICATION CODE
Authentication code lccopycat
050 00 - LIBRARY OF CONGRESS CALL NUMBER
Classification number QA76.9.A25
Item number L54 2014
082 04 - DEWEY DECIMAL CLASSIFICATION NUMBER
Classification number 004.5028558 LI.A
Edition number 23
100 1# - MAIN ENTRY--PERSONAL NAME
Personal name Ligh, Michael Hale,
Relator term author.
245 14 - TITLE STATEMENT
Title The art of memory forensics :
Remainder of title detecting malware and threats in Windows, Linux, and Mac memory /
Statement of responsibility, etc. Michael Hale Ligh, Andrew Case, Jamie Levy, Aaron Walters.
264 #1 - PRODUCTION, PUBLICATION, DISTRIBUTION, MANUFACTURE, AND COPYRIGHT NOTICE
Place of production, publication, distribution, manufacture Indianapolis, IN :
Name of producer, publisher, distributor, manufacturer John Wiley & Sons, Inc.,
Date of production, publication, distribution, manufacture, or copyright notice 2014
300 ## - PHYSICAL DESCRIPTION
Extent xxiii, 886 pages :
Other physical details illustrations ;
Dimensions 24 cm.
336 ## - CONTENT TYPE
Content type term text
Source rdacontent
Content type code txt
337 ## - MEDIA TYPE
Media type term unmediated
Source rdamedia
Media type code n
338 ## - CARRIER TYPE
Carrier type term volume
Source rdacarrier
Carrier type code nc
504 ## - BIBLIOGRAPHY, ETC. NOTE
Bibliography, etc. note Includes index.
505 0# - FORMATTED CONTENTS NOTE
Formatted contents note Machine generated contents note: 1.Systems Overview -- Digital Environment -- PC Architecture -- Operating Systems -- Process Management -- Memory Management -- File System -- I/O Subsystem -- Summary -- 2.Data Structures -- Basic Data Types -- Summary -- 3.The Volatility Framework -- Why Volatility? -- What Volatility Is Not -- Installation -- The Framework -- Using Volatility -- Summary -- 4.Memory Acquisition -- Preserving the Digital Environment -- Software Tools -- Memory Dump Formats -- Converting Memory Dumps -- Volatile Memory on Disk -- Summary -- 5.Windows Objects and Pool Allocations -- Windows Executive Objects -- Pool-Tag Scanning -- Limitations of Pool Scanning -- Big Page Pool -- Pool-Scanning Alternatives -- Summary -- 6.Processes, Handles, and Tokens -- Processes -- Process Tokens -- Privileges -- Process Handles -- Enumerating Handles in Memory -- Summary -- 7.Process Memory Internals -- What's in Process Memory? -- Enumerating Process Memory -- Summary --
505 0# - FORMATTED CONTENTS NOTE
Formatted contents note Contents note continued: 8.Hunting Malware in Process Memory -- Process Environment Block -- PE Files in Memory -- Packing and Compression -- Code Injection -- Summary -- 9.Event Logs -- Event Logs in Memory -- Real Case Examples -- Summary -- 10.Registry in Memory -- Windows Registry Analysis -- Volatility's Registry API -- Parsing Userassist Keys -- Detecting Malware with the Shimcache -- Reconstructing Activities with Shellbags -- Dumping Password Hashes -- Obtaining LSA Secrets -- Summary -- 11.Networking -- Network Artifacts -- Hidden Connections -- Raw Sockets and Sniffers -- Next Generation TCP/IP Stack -- Internet History -- DNS Cache Recovery -- Summary -- 12.Windows Services -- Service Architecture -- Installing Services -- Tricks and Stealth -- Investigating Service Activity -- Summary -- 13.Kernel Forensics and Rootkits -- Kernel Modules -- Modules in Memory Dumps -- Threads in Kernel Mode -- Driver Objects and IRPs -- Device Trees -- Auditing the SSDT --
505 0# - FORMATTED CONTENTS NOTE
Formatted contents note Contents note continued: Kernel Callbacks -- Kernel Timers -- Putting It All Together -- Summary -- 14.Windows GUI Subsystem, Part I -- The GUI Landscape -- GUI Memory Forensics -- The Session Space -- Window Stations -- Desktops -- Atoms and Atom Tables -- Windows -- Summary -- 15.Windows GUI Subsystem, Part II -- Window Message Hooks -- User Handles -- Event Hooks -- Windows Clipboard -- Case Study: ACCDFISA Ransomware -- Summary -- 16.Disk Artifacts in Memory -- Master File Table -- Extracting Files -- Defeating TrueCrypt Disk Encryption -- Summary -- 17.Event Reconstruction -- Strings -- Command History -- Summary -- 18.Timelining -- Finding Time in Memory -- Generating Timelines -- Ghost in the Enterprise -- Summary -- 19.Linux Memory Acquisition -- Historical Methods of Acquisition -- Modern Acquisition -- Volatility Linux Profiles -- Summary -- 20.Linux Operating System -- ELF Files -- Linux Data Structures -- Linux Address Translation -- procfs and sysfs --
505 0# - FORMATTED CONTENTS NOTE
Formatted contents note Contents note continued: Compressed Swap -- Summary -- Processes and Process Memory -- Processes in Memory -- Enumerating Processes -- Process Address Space -- Process Environment Variables -- Open File Handles -- Saved Context State -- Bash Memory Analysis -- Summary -- 22.Networking Artifacts -- Network Socket File Descriptors -- Network Connections -- Queued Network Packets -- Network Interfaces -- The Route Cache -- ARP Cache -- Summary -- 23.Kernel Memory Artifacts -- Physical Memory Maps -- Virtual Memory Maps -- Kernel Debug Buffer -- Loaded Kernel Modules -- Summary -- 24.File Systems in Memory -- Mounted File Systems -- Listing Files and Directories -- Extracting File Metadata -- Recovering File Contents -- Summary -- 25.Userland Rootkits -- Shellcode Injection -- Process Hollowing -- Shared Library Injection -- LD_PRELOAD Rootkits -- GOT/PLT Overwrites -- Inline Hooking -- Summary -- 26.Kernel Mode Rootkits -- Accessing Kernel Mode -- Hidden Kernel Modules --
505 0# - FORMATTED CONTENTS NOTE
Formatted contents note Contents note continued: Hidden Processes -- Elevating Privileges -- System Call Handler Hooks -- Keyboard Notifiers -- TTY Handlers -- Network Protocol Structures -- Netfilter Hooks -- File Operations -- Inline Code Hooks -- Summary -- 27.Case Study: Phalanx2 -- Phalanx2 -- Phalanx2 Memory Analysis -- Reverse Engineering Phalanx2 -- Final Thoughts on Phalanx2 -- Summary -- 28.Mac Acquisition and Internals -- Mac Design -- Memory Acquisition -- Mac Volatility Profiles -- Mach-O Executable Format -- Summary -- 29.Mac Memory Overview -- Mac versus Linux Analysis -- Process Analysis -- Address Space Mappings -- Networking Artifacts -- SLAB Allocator -- Recovering File Systems from Memory -- Loaded Kernel Extensions -- Other Mac Plugins -- Mac Live Forensics -- Summary -- 30.Malicious Code and Rootkits -- Userland Rootkit Analysis -- Kernel Rootkit Analysis -- Common Mac Malware in Memory -- Summary -- 31.Tracking User Activity -- Keychain Recovery -- Mac Application Analysis --
505 0# - FORMATTED CONTENTS NOTE
Formatted contents note Contents note continued: Summary.
520 ## - SUMMARY, ETC.
Summary, etc. As a followup to the best-seller Malware Analyst's Cookbook, experts in IT security bring you a step-by-step guide to memory forensics-now the most sought after skill in the digital forensics and incident response fields. Beginning with introductory concepts and moving toward the advanced, The Art of Memory Forensics: Detecting Malware and Threats in Windows, Linux, and Mac Memory, teaches the art of analysing computer memory (RAM) to solve digital crimes. --
Assigning source Source other than Library of Congress.
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Malware (Computer software)
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Computer security.
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Computer networks
General subdivision Security measures.
650 #0 - SUBJECT ADDED ENTRY--TOPICAL TERM
Topical term or geographic name entry element Computer crimes.
700 1# - ADDED ENTRY--PERSONAL NAME
Personal name Case, Andrew,
Titles and other words associated with a name (Digital forensics researcher)
Relator term author.
700 1# - ADDED ENTRY--PERSONAL NAME
Personal name Levy, Jamie,
Relator term author.
700 1# - ADDED ENTRY--PERSONAL NAME
Personal name Walters, Aaron,
Relator term author.
856 41 - ELECTRONIC LOCATION AND ACCESS
Uniform Resource Identifier <a href="https://ebookcentral.proquest.com/lib/coventry/detail.action?docID=1740753&query=The+art+of+memory+forensics">https://ebookcentral.proquest.com/lib/coventry/detail.action?docID=1740753&query=The+art+of+memory+forensics</a>
942 ## - ADDED ENTRY ELEMENTS (KOHA)
Source of classification or shelving scheme Dewey Decimal Classification
Koha item type Books
998 ## - LOCAL CONTROL INFORMATION (RLIN)
Cataloger's name huda.mahmoud
Cataloging process M
First Date, FD (RLIN) 20220110
246 30 - VARYING FORM OF TITLE
Title proper/short title Detecting malware and threats in Windows, Linux, and Mac memory
856 42 - ELECTRONIC LOCATION AND ACCESS
Materials specified Contributor biographical information
856 41 - ELECTRONIC LOCATION AND ACCESS
Materials specified Table of contents only
906 ## - LOCAL DATA ELEMENT F, LDF (RLIN)
a 7
b cbc
c copycat
d 2
e ncip
f 20
g y-gencatlg
Holdings
Withdrawn status Lost status Source of classification or shelving scheme Damaged status Not for loan Collection code Home library Current library Date acquired Total Checkouts Full call number Barcode Date last seen Price effective from Koha item type Date due Date last checked out
    Dewey Decimal Classification     Computing The Knowledge Hub Library The Knowledge Hub Library 08/31/2021   004.50285/58 LI.A 2014 210575 08/31/2021 08/31/2021 Books    
    Dewey Decimal Classification     Computing The Knowledge Hub Library The Knowledge Hub Library 08/31/2021 1 004.50285/58 LI.A 2014 210576 01/02/2024 08/31/2021 Books 05/01/2024 01/02/2024