07. Linux Memory Forensics

This section covers acquiring memory from live Linux boxes and analysing it offline. Sharpen your memory forensics skills by running Volatility Framework 2 and 3 against a large set of Linux attack use cases. The idea is simple: you carry out an offensive operation, then download the RAM image taken afterwards and use Volatility to find the artifacts the attack left behind. The acquisition and analysis pipeline is automated, so you can focus on the analysis itself. Memory forensics is also a good way to baseline the low-level state of your OS and applications, so that deviations caused by an intrusion stand out.
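As an added example (not part of the page's lab material or of Volatility), the following Python checks a downloaded RAM image before it goes to Volatility. It assumes the image is in the LiME format, which the page does not state; the segment header layout (32 bytes, little-endian: magic 0x4C694D45, version 1, inclusive start and end physical address, 8 reserved bytes) is the one LiME writes and Volatility reads. The sample image, file name and function names are constructed for this example.

```python
"""Walk the segment headers of a LiME memory image and sanity-check it
before handing it to Volatility. Added example; it assumes the LiME
format, which is not stated on the page."""
import hashlib
import struct
import sys

LIME_MAGIC = 0x4C694D45                   # reads as "EMiL" in little-endian bytes
LIME_HEADER = struct.Struct("<IIQQ8s")    # magic, version, start, end, reserved


def parse_lime(data: bytes):
    """Return a list of (start_paddr, end_paddr, file_offset_of_data) per segment.

    Raises ValueError on a bad magic/version, an inverted range, a truncated
    segment, or overlapping/unsorted ranges: in every case the image should
    be re-acquired rather than analysed."""
    segments = []
    off = 0
    while off < len(data):
        if len(data) - off < LIME_HEADER.size:
            raise ValueError(f"truncated header at offset {off:#x}")
        magic, version, s_addr, e_addr, _ = LIME_HEADER.unpack_from(data, off)
        if magic != LIME_MAGIC:
            raise ValueError(f"bad magic {magic:#x} at offset {off:#x}")
        if version != 1:
            raise ValueError(f"unsupported LiME version {version}")
        if e_addr < s_addr:
            raise ValueError(f"inverted range {s_addr:#x}-{e_addr:#x}")
        size = e_addr - s_addr + 1            # LiME end address is inclusive
        off += LIME_HEADER.size
        if off + size > len(data):
            raise ValueError(f"segment {s_addr:#x} truncated: needs {size} bytes")
        if segments and s_addr <= segments[-1][1]:
            raise ValueError(f"segment {s_addr:#x} overlaps or is out of order")
        segments.append((s_addr, e_addr, off))
        off += size
    return segments


def phys_to_offset(segments, paddr: int):
    """Map a physical address to its file offset, or None if it falls in a
    hole (MMIO or reserved range) that the acquisition did not capture.
    This is the translation Volatility's LiME layer performs on every read."""
    for s_addr, e_addr, off in segments:
        if s_addr <= paddr <= e_addr:
            return off + (paddr - s_addr)
    return None


def captured_bytes(segments) -> int:
    """Total bytes of physical memory present in the image."""
    return sum(e_addr - s_addr + 1 for s_addr, e_addr, _ in segments)


def build_sample_image() -> bytes:
    """Constructed two-segment image with a hole between the ranges, mimicking
    the gap below 1 MiB on x86. Sample data only, not a real dump."""
    ranges = [(0x1000, 0x1FFF, b"A"), (0x100000, 0x100FFF, b"B")]
    out = b""
    for s_addr, e_addr, fill in ranges:
        out += LIME_HEADER.pack(LIME_MAGIC, 1, s_addr, e_addr, b"\0" * 8)
        out += fill * (e_addr - s_addr + 1)
    return out


def report(data: bytes) -> str:
    """Human-readable summary plus a SHA-256 for the chain-of-custody record."""
    segments = parse_lime(data)
    lines = [f"sha256  {hashlib.sha256(data).hexdigest()}",
             f"segments {len(segments)}, captured {captured_bytes(segments)} bytes"]
    for s_addr, e_addr, off in segments:
        lines.append(f"  {s_addr:#012x}-{e_addr:#012x} at file offset {off:#x}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python3 lime_check.py mem.lime   (no argument: use the sample image)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_image()
    try:
        print(report(blob))
    except ValueError as exc:
        sys.exit(f"image rejected: {exc}")
```

A rejected image means the acquisition was cut short or corrupted in transfer; re-acquiring is cheaper than chasing phantom artifacts in Volatility. Once the image parses cleanly, Volatility 3 reads the LiME container directly (for example `vol -f mem.lime linux.pslist`, given a matching ISF symbol table for the kernel), while Volatility 2 additionally needs a kernel profile passed with `--profile`.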