Cyber Shelf

// What to read next

What to read after The Art of Memory Forensics

Where to go after The Art of Memory Forensics, picked from our catalog. The next step up from advanced level, weighted toward the topics this book covers.

ForensicsMalwareIncident Response

  1. 01 · 2009

    Les virus informatiques : théorie, pratique et applications

    Éric Filiol's reference French-language treatment of computer virology. Formal theory, infection mechanisms, offensive and defensive applications, with academic rigor rare on the topic.

    Advanced
    5/5Éric Filiol

  2. 02 · 2024

    Evasive Malware

    Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.

    Advanced
    4/5Kyle Cucci

  3. 03 · 2014

    Practical Reverse Engineering

    A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

    Advanced
    4/5Bruce Dang, Alexandre Gazet, Elias Bachaalany

  4. 04 · 2019

    Rootkits and Bootkits

    Matrosov, Rodionov and Bratus on persistent, deeply-embedded malware: kernel rootkits, MBR/UEFI bootkits, and the forensic techniques that surface them. Strongly Windows-internals oriented.

    Advanced
    4/5Alex Matrosov, Eugene Rodionov, Sergey Bratus

  5. 05 · 2007

    Techniques virales avancées

    Specialized follow-up to Filiol's Les virus informatiques. Dives into advanced malicious-code attack techniques and their defensive analysis.

    Advanced
    4/5Éric Filiol

  6. 06 · 2022

    The Art of Mac Malware, Volume 1

    Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.

    Advanced
    4/5Patrick Wardle

  7. 07 · 2014

    Incident Response and Computer Forensics

    Luttgens, Pepe, and Mandia's working playbook for running an enterprise IR engagement: pre-engagement readiness, evidence acquisition, network and host forensics, and the project-management discipline that separates a controlled response from a panic.

    Intermediate
    4/5Jason T. Luttgens, Matthew Pepe, Kevin Mandia

  8. 08 · 2017

    Attacking Network Protocols

    James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

    Advanced
    5/5James Forshaw
Back to The Art of Memory ForensicsAlternatives to The Art of Memory Forensics