Introduction -- 1. Malware incident response: volatile data collection and examination on a live Windows system -- 2. Malware incident response: volatile data collection and examination on a live Linux system -- 3. Memory forensics: analyzing physical and process memory dumps for malware artifacts -- 4. Post-mortem forensics: discovering and extracting malware and associated artifacts for Windows systems -- 5. Post-mortem forensics: discovering and extracting malware and associated artifacts from Linux systems -- 6. Legal considerations -- 7. File identification and profiling: initial analysis of a suspect file on a Windows system -- 8. File identification and profiling: initial analysis of a suspect file on a Linux system -- 9. Analysis of a suspect program: Windows -- 10. Analysis of a suspect program: Linux -- Index