I’ve mentioned a number of times in this book that a detailed discussion of the analysis of physical memory is beyond its scope, and this continues to be the case. To really do the topic justice, even focusing solely on Windows memory, would require a book all its own. That being said, perhaps one of the most overlooked aspects of application analysis is understanding what exists in memory (e.g., data, network connections, open handles) while the application is running. While this section will not be a tutorial on installing and using memory analysis tools, these tools will be mentioned as a means for extracting information from Windows memory, and are best employed by an analyst with a thorough understanding of their us....