Re: Books suggestions for Memory Imaging Tools???

[Matt Erasmus <matt.erasmus () gmail com>]

Howdy

While it's not directly related to your query you may find these posts interesting:

http://lorgor.blogspot.com/2010/11/volatility-mem-forensics-iiiusing.html
http://lorgor.blogspot.com/2010/11/volatility-memory-forensics-iiusing.html
http://dfsforensics.blogspot.com/2011/03/bringing-linux-support-to-volatility.html

There were a couple of interesting posts from SANS on the OS X side of things here:

http://computer-forensics.sans.org/blog/2011/02/04/mac-os-forensics-howto-simple-ram-acquisition-analysis-mac-memory-reader-part-2
http://computer-forensics.sans.org/blog/2011/01/28/mac-os-forensics-howto-simple-ram-acquisition-analysis-mac-memory-reader-part-1

And the latest challenge from the HoneyNet project will give you ample chances to practice..

http://honeynet.org/challenges/2011_7_compromised_server

As for books, I'm still looking myself. Mostly I just read blog posts and try and practice as much as I can.

I hope this helps...


Matt Erasmus // <matt.erasmus () gmail com> // @mattdoterasmus

(keep calm and carry on)

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com