Pattern-Oriented Memory Forensics

This short book is a fully revised transcript of a lecture introducing a pattern language for memory forensics - an investigation of past software behavior in memory snapshots. It provides a unified language for discussing and communicating detection and analysis results despite the proliferation of operating systems and tools, a base language for checklists, and aid in accelerated learning. The lecture has a short theoretical part and then illustrates various patterns seen in crash dumps by using WinDbg debugger from Microsoft Debugging Tools for Windows.