Free

DFIR Operator Series: Memory Forensics

This course is a deep dive into memory forensics. We cover the acquisition and preservation of memory images, analysis of system artifacts and structures, identification of malicious code and suspicious behavior, and advanced techniques such as timeline analysis and memory carving.
Time: 2 h 46 m
Difficulty: intermediate
CEU/CPE: 3

Course Content

Recovering Critical Artifacts: 36m
Memory Overview: 33m
Memory Acquisition: 34m
Memory vs. Deadbox Artifacts: 33m
Uncovering Malware Within Memory: 31m

Course Description

Get hands-on with multiple topics related to memory forensics, including acquiring and preserving memory images, analyzing system artifacts and structures, identifying malicious code and suspicious behavior, and using advanced techniques such as timeline analysis and memory carving. Learn how to use various tools and techniques to extract data from memory images, including Volatility and other popular memory analysis tools.

Throughout the course, you will gain practical experience analyzing real-world memory dumps. You will learn how to identify system events, network connections, and user activity that can provide essential clues about the origin and nature of a security incident. You will also explore techniques for detecting and analyzing malware, including rootkits and other stealthy threats designed to evade detection by traditional security measures.

Provider: Cybrary
Certification Body
Certificate of Completion

Complete this entire course to earn a DFIR Operator Series: Memory Forensics Certificate of Completion.