Cyber Shelf

// What to read next

What to read after The Art of Memory Forensics

Where to go after The Art of Memory Forensics, picked from our catalog. The next step up from advanced level, weighted toward the topics this book covers.

ForensicsMalwareIncident Response

  1. 01 · 2024

    Evading EDR

    A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.

    Advanced
    4/5Matt Hand

  2. 02 · 2024

    Evasive Malware

    Kyle Cucci on the anti-analysis arms race: sandbox detection, anti-debug, anti-VM, packing, and the analyst-side tooling and tradecraft that get past those layers.

    Advanced
    4/5Kyle Cucci

  3. 03 · 2009

    Les virus informatiques

    The reference French academic treatment of computer virology — the theory, algorithms and practice of viruses and malicious code — by Éric Filiol, a former military cryptanalyst and one of France's leading virologists.

    Advanced
    4/5Éric Filiol

  4. 04 · 2014

    Practical Reverse Engineering

    A working reverser's textbook from three Microsoft / Quarkslab veterans, covering the architectures and toolchain you'll actually meet on real targets, including the Windows kernel and modern obfuscation patterns.

    Advanced
    4/5Bruce Dang, Alexandre Gazet, Elias Bachaalany

  5. 05 · 2019

    Rootkits and Bootkits

    Matrosov, Rodionov and Bratus on persistent, deeply-embedded malware: kernel rootkits, MBR/UEFI bootkits, and the forensic techniques that surface them. Strongly Windows-internals oriented.

    Advanced
    4/5Alex Matrosov, Eugene Rodionov, Sergey Bratus

  6. 06 · 2022

    The Art of Mac Malware, Volume 1

    Patrick Wardle's deep dive on macOS malware analysis: persistence patterns, injection techniques, anti-analysis tricks, and the macOS-specific tooling needed to triage real samples.

    Advanced
    4/5Patrick Wardle

  7. 07 · 2014

    Incident Response and Computer Forensics

    Luttgens, Pepe, and Mandia's working playbook for running an enterprise IR engagement: pre-engagement readiness, evidence acquisition, network and host forensics, and the project-management discipline that separates a controlled response from a panic.

    Intermediate
    4/5Jason T. Luttgens, Matthew Pepe, Kevin Mandia

  8. 08 · 2017

    Attacking Network Protocols

    James Forshaw, Project Zero veteran, on how to capture, parse, and break protocols from the wire up to the application layer, with a strong focus on building reusable analysis tooling.

    Advanced
    5/5James Forshaw
Back to The Art of Memory ForensicsAlternatives to The Art of Memory Forensics