Revisions of Memory Dump Analysis Anthology Volumes

Volume 1 is now in its 3rd revision. The main changes since the 2nd revision are readability and punctuation improvements. Content is the same. If you purchased Volume 1 from us in PDF format separately or as a part of training courses, training packs, and reference sets before the 22nd of March, 2015, please use the contact form to request the free update.

Windows Complete Memory Dump Analysis Training Pack

This comprehensive training teaches the analysis of all memory spaces for patterns of abnormal software behavior in process, kernel, and complete (physical) memory dumps:

The pack features:

  • Both x86 and x64 Windows versions
  • Both kernel and user memory spaces
  • Managed, unmanaged, and native code
  • 3 training courses
  • 12 books (15 in print version)
  • 43 hands-on exercises
  • 140 slides with comments
  • 130 questions and answers
  • 940 pages of training books
  • 4,300 pages of reference materials (4,700 in print version)

This offer includes training courses, pattern encyclopedia, and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 3rd edition
  2. Accelerated .NET Memory Dump Analysis, 2nd edition
  3. Advanced Windows Memory Dump Analysis with Data Structures, 2nd edition
  4. Access to Software Diagnostics Library
  5. Memory Dump Analysis Anthology 8-volume set (11-volume set in print version) and Encyclopedia of Crash Dump Analysis Patterns

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Software Diagnostics and Debugging Reference

New! Now includes Encyclopedia of Pattern-Oriented Software Diagnostics for the same price.

Memory Dump Analysis Anthology contains revised, edited, cross-referenced, and thematically organized selected articles from Software Diagnostics Institute and Software Diagnostics Library (formerly the Crash Dump Analysis blog) about software diagnostics, debugging, crash dump analysis, software trace and log analysis, malware analysis, and memory forensics. Its 8 volumes have more than 3,300 pages and, among many topics, include more than 300 memory analysis patterns (mostly for WinDbg Windows debugger with selected Mac OS X GDB variants), more than 70 WinDbg case studies, and almost 100 general trace and log analysis patterns.

Click on an individual volume to see its description and table of contents:

The print version also includes a 3-volume supplement with selected anthology articles reprinted in full premium color (more than 500 pages with almost 400 color illustrations). Click on an individual volume to see its description and table of contents:

You can buy either the 8-volume PDF set plus 2 Encyclopedia books with a 42% discount or the 11-volume set plus 2 Encyclopedia books in paperback format with a 56% discount and trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

You also get free access to Software Diagnostics Library.

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Encyclopedia of Pattern-Oriented Software Diagnostics

This is a comprehensive, alphabetically organized multi-volume pattern language reference for software technical support engineers, system and network administrators, software developers and testers, security researchers and reverse engineers, digital forensics and malware analysts. Currently, it consists of two books in PDF format with a total of 1,250 pages.

This offer also includes online named access to Software Diagnostics Library:

  1. Encyclopedia of Crash Dump Analysis Patterns
  2. Software Trace and Log Analysis: A Pattern Reference
  3. Access to Software Diagnostics Library

Purchase

Note: A 50% discount is available for those who previously bought the 7- or 8-volume Software Diagnostics and Debugging Reference. Please use the contact form if you would like to buy with a discount.

Trace and Log Analysis Training Pack

This comprehensive pattern-oriented trace and log analysis training for software technical support engineers, system and network administrators, software developers and testers, digital forensics and malware analysts features:

  • 15 books
  • 300 slides with comments
  • 3,500 pages of reference materials

This offer includes a training course with recording, seminar transcripts, a pattern reference, and online access to the vast collection of patterns and case studies:

  1. Accelerated Windows Software Trace Analysis
  2. Software Trace and Log Analysis: A Pattern Reference
  3. Software Trace and Memory Dump Analysis: Patterns, Tools, Processes and Best Practices
  4. Software Narratology: An Introduction to the Applied Science of Software Stories
  5. Malware Narratives: An Introduction
  6. Pattern-Oriented Network Trace Analysis
  7. Mobile Software Diagnostics: An Introduction
  8. Access to Software Diagnostics Library
  9. Memory Dump Analysis Anthology 8-volume set

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Pattern Diagnostics Logo

Also available in a white background version.

Free Sample Exercise eBook

We are happy to announce the release of Pattern-Oriented Software Diagnostics, Debugging, Malware Analysis, Reversing: Sample Training Exercises eBook which is free to download and share. It contains 9 exercises from various training courses.

A Pattern Language for Training Course Development and Maintenance

After developing and publishing almost ten training courses, some of them in their second and third editions, we decided to summarize our solutions to recurrent training course engineering problems. So we started developing a catalogue of patterns. Here we follow the common engineering pattern stack: Requirements, Architecture, Design, Implementation, Presentation, and Deployment (Delivery) patterns.

Here we introduce the first architectural pattern, which we name after the proverb: First Things First. It describes the need to introduce, or remind learners of, the basic vocabulary used for the rest of the training course. This vocabulary is not what the training aims to teach. Its knowledge is a prerequisite, but we need to provide our version of the definition of that terminology in order to have a common ground and remove any misunderstanding that may arise later on.

For example, Accelerated Windows Memory Dump Analysis training course starts with the following definitions:

  • Application
  • Process
  • Module
  • Driver
  • User space
  • Kernel space
  • Process virtual space
  • Process memory dump
  • Kernel memory dump
  • Complete memory dump
  • Thread
  • Thread raw data
  • Thread stack trace
  • Access violation exception
  • Runtime exception

This is essential terminology we need to agree on before we proceed with teaching memory dump analysis.

We plan a presentation and a book in early 2015 to show more patterns from different pattern stack frames.

Pattern-Oriented Network Forensics: A Pattern Language Approach

In February, 2015 we plan a lecture from Software Diagnostics Institute which introduces a pattern language for network forensics - investigation of captured network traces for patterns of abnormal network traffic behavior. It provides a unified language for discussing and communicating detection and analysis results, a base language for checklists, and an aid in accelerated learning. Pattern-oriented network forensics is based on a synthesis of pattern-oriented network trace analysis with malware narrative approach including malnarratives and complements pattern-oriented memory forensics.

Enterprise Windows Software Diagnostics and Debugging Pack

32-book debugging (64-book debugging in PDF + print)

This comprehensive training contains more than 5,600 pages (6,000 in print version) and features:

  • 3 Windows versions (x86, x64, ARM)
  • 8 training courses
  • 18 books (33 in print version)
  • 88 exercises
  • 780 slides
  • 2,350 pages of training books
  • 3,300 pages of reference materials (3,700 in print version)

This offer includes training courses, seminar transcripts, and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Debugging³
  2. Accelerated Windows Memory Dump Analysis, 3rd edition
  3. Accelerated .NET Memory Dump Analysis, 2nd edition
  4. Accelerated Windows Malware Analysis with Memory Dumps
  5. Advanced Windows Memory Dump Analysis with Data Structures, 2nd edition
  6. Accelerated Windows Software Trace Analysis + recording
  7. Accelerated Disassembly, Reconstruction and Reversing
  8. Advanced Windows RT Memory Dump Analysis, ARM Edition
  9. Software Diagnostics: The Collected Seminars (9 seminar books in print version)
  10. Principles of Memory Dump Analysis: The Collected Seminars (5 seminar books in print version)
  11. Access to Software Diagnostics Library
  12. Memory Dump Analysis Anthology 8-volume set (11-volume set in print version)

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Memory Dump Analysis Anthology, Volume 8a

We are now distributors of Volume 8a of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 8-volume set in PDF format is also available with a discount.

Holiday Printing and Shipping Schedule for December 2014

To ensure timely delivery of our printed courses and reference sets, please purchase printed materials no later than the 8th of December.

Software Diagnostics Skills Assessment Service

Now you can test your staff, job applicants, and prospective contractors for their skill level in software diagnostics, including crash dump analysis and software trace and log analysis.

It works transparently and anonymously:

  1. We prepare memory dumps and software traces on your request and send them to you.
  2. Your candidates analyze them and send their analysis reports.
  3. We evaluate them by individual and overall group performance and provide you individual and comparison score reports.
  4. Additionally, on request, for specific or all candidates, we can ask additional questions based on their analysis reports and provide you with final score reports.

Pricing and other details available upon request.

Certified Software Diagnostics Professional

There are hundreds of individuals and companies who attended our memory dump analysis training sessions or bought training courses directly from us. There are even more who bought them in paperback format from bookstores or read online from content providers.

We now offer a certification in pattern-oriented software diagnostics for software technical support and escalation engineers, software engineers and quality assurance engineers with the following assessment areas:

  • pattern-oriented memory dump analysis
  • pattern-oriented software trace and log analysis

The focus is on unintentional software behaviour such as that related to crashes, resource consumption (CPU, memory leaks), and hangs. For intentional software behaviour there is a Memory Forensics Professional certification under development. The Windows track tests the ability to recognise patterns using the following analysis tools: WinDbg from Microsoft Debugging Tools for Windows and Process Monitor.

The certification has the following features:

  • Two-factor certification:
    1. The first phase is based on real software execution artefacts, not on questions
    2. The second phase involves questions about analysis results to assess understanding
  • Each certificate has its own verifiable CID (Certificate ID)
  • Each assessment score transcript has its unique PID.TID (Performance ID and Transcript ID)
  • Each candidate gets a set of unique memory dumps and software traces
  • Evaluation by individual and overall exam group performance (when there is a sufficient number of candidates; it may be postponed initially until the right group size is reached)
  • Second free attempt after one month if the applicant does not pass an assessment

How it is done: after payment, we prepare a unique set of memory dumps and software logs together with short problem descriptions. The preparation may take from two days to a week based on the number of applicants. Then we send these execution artefacts. There is a week to prepare an analysis report. We then evaluate it and ask additional questions during the next week. Then we send the final score report. We send the certificate only if the applicant recognises 75% of patterns and provides an explanation. The whole certification process may take up to three weeks. An applicant can try again after a month with a new set of memory dumps and traces.

Price: 123 USD (including VAT).

Study materials: Accelerated Windows Memory Dump Analysis 2nd edition or 3rd edition (base); Accelerated .NET Memory Dump Analysis 1st edition or 2nd edition (optional); Accelerated Windows Software Trace Analysis (optional). “Optional” means that if patterns from optional courses are identified, this may improve the overall score, especially if the base course score is below acceptance.

Available from February, 2015. Please use the contact form to enroll.

Certified Memory Forensics Professional

We offer a certification in pattern-oriented memory forensics for digital forensics and incident response professionals, reverse engineers and security researchers with the following assessment areas:

  • pattern-oriented malware detection and analysis
  • pattern-oriented reverse engineering

The focus is on intentional software behaviour such as that related to malware and rootkits. For unintentional software behaviour there is the Software Diagnostics Professional certification. The Windows track tests the ability to recognise ADDR and malware analysis patterns using the following analysis tool: WinDbg from Microsoft Debugging Tools (future versions of this certification may add other tools). It has the same features and process as the Software Diagnostics Professional certification.

Price: 123 USD (including VAT).

Study materials: Accelerated Windows Malware Analysis (base); Accelerated Disassembly, Reconstruction and Reversing (optional). “Optional” means that if patterns from optional courses are identified, this may improve the overall score, especially if the base course score is below acceptance. For these courses and additional learning materials we recommend the Windows Memory Forensics Training Pack.

Available from February, 2015. Please use the contact form to enroll.

Principles of Memory Dump Analysis: The Collected Seminars

This is a collection of Software Diagnostics Services webinar transcripts about memory dump analysis methodology developed by Software Diagnostics Institute. Includes 6 seminars on physical memory dump analysis, cloud memory dump analysis, patterns, tools, processes and best practices for software trace and memory dump analysis, pattern-oriented software forensics, a pattern language for memory forensics, and mobile software diagnostics.

  • Title: Principles of Memory Dump Analysis: The Collected Seminars
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (September 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • PDF: 284 pages
  • ISBN-13: 978-1906717667

Price: 50 USD (including 50% discount from the price of hardcover edition).

Purchase

Windows Debugging Training Pack

This comprehensive live and postmortem debugging training for software engineers features:

  • Both x86 and x64 Windows versions
  • Managed, unmanaged, and native code
  • 3 training courses
  • 11 books (14 in print version)
  • 46 hands-on exercises
  • 170 slides with comments
  • 120 questions and answers
  • 1,000 pages of training books
  • 3,300 pages of reference materials (3,700 in print version)

Download tables of contents, slides, and sample exercises for all included books

This offer includes training courses and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 3rd edition
  2. Accelerated .NET Memory Dump Analysis, 2nd edition
  3. Accelerated Windows Debugging³
  4. Access to Software Diagnostics Library
  5. Memory Dump Analysis Anthology 8-volume set (11-volume set in print version)

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.
