In this podcast episode, we talk about Linux's `memfd` – a virtual file system allowing the creation of anonymous memory areas for shared memory or temporary data storage. Threat actors exploit `memfd` for fileless malware attacks, as its memory areas exist only in RAM, evading traditional file-based detection methods. Join me as I `memfd` as a forensic artifact, its implications in DFIR, and strategies for detecting its abuse.