// Prerequisites

What to read before The Art of Memory Forensics

If The Art of Memory Forensics feels too steep at its advanced level, here is what to read first: lighter books on the same topics that build the prerequisites it assumes.

  1. 01 · 2014

    Incident Response and Computer Forensics

    Luttgens, Pepe, and Mandia's working playbook for running an enterprise IR engagement: pre-engagement readiness, evidence acquisition, network and host forensics, and the project-management discipline that separates a controlled response from a panic.

    Intermediate
    4/5 · Jason T. Luttgens, Matthew Pepe, Kevin Mandia
  2. 02 · 2012

    Practical Malware Analysis

    Still the gold standard textbook for static and dynamic malware analysis on Windows.

    Intermediate
    5/5 · Michael Sikorski, Andrew Honig
  3. 03 · 2015

    Hacking et Forensic

    A hands-on French guide to building your own offensive and forensic tools in Python — networking, packet crafting, web and forensic scripting — for people who'd rather write the tool than buy it.

    Intermediate
    4/5 · Franck Ebel, Jérôme Hennecart
  4. 04 · 2023

    Intelligence-Driven Incident Response

    A practitioner's guide to wiring threat intelligence into the incident response loop, built around the F3EAD cycle rather than tool-of-the-week tutorials.

    Intermediate
    4/5 · Scott J. Roberts, Rebekah Brown
  5. 05 · 2018

    Malware Data Science

    Saxe and Sanders apply machine-learning techniques (classification, clustering, deep learning) to malware detection and attribution, with working Python code and real corpora.

    Intermediate
    4/5 · Joshua Saxe, Hillary Sanders
  6. 06 · 2021

    Practical Linux Forensics

    Bruce Nikkel's reference for forensic analysts working post-mortem on Linux images: filesystems, journaling, logs, persistence locations, and the chain of custody discipline around them.

    Intermediate
    4/5 · Bruce Nikkel
  7. 07 · 2014

    Countdown to Zero Day

    Kim Zetter's investigative reconstruction of Stuxnet, the joint US/Israeli operation that physically damaged Iranian uranium-enrichment centrifuges via a worm, and what its discovery revealed about state-level cyber capability.

    Beginner
    5/5 · Kim Zetter
  8. 08 · 2024

    Evading EDR

    A component-by-component teardown of how modern EDR sensors actually collect telemetry, and where each data source can be starved, blinded, or bypassed.

    Advanced
    4/5 · Matt Hand