DFIR Operator Series: Memory Forensics
This course is a deep dive into memory forensics. We cover the acquisition and preservation of memory images, analysis of system artifacts and structures, identification of malicious code and suspicious behavior, and advanced techniques such as timeline analysis and memory carving.
Get hands-on with multiple topics related to memory forensics, including acquiring and preserving memory images, analyzing system artifacts and structures, identifying malicious code and suspicious behavior, and using advanced techniques such as timeline analysis and memory carving. Learn how to use various tools and techniques to extract data from memory images, including Volatility and other popular memory analysis tools.
Throughout the course, you will gain practical experience analyzing real-world memory dumps. You will learn how to identify system events, network connections, and user activity that can provide essential clues about the origin and nature of a security incident. You will also explore techniques for detecting and analyzing malware, including rootkits and other stealthy threats designed to evade detection by traditional security measures.