Time
4 hours 15 minutes
Difficulty
Beginner
CEU/CPE
4

Video Transcription

00:01
Hi. Welcome back to the course. In this lab, we're going to create and collect a full memory dump in Windows, using the Windows Sysinternals NotMyFault utility.
00:10
We need to have a memory dump file before learning some tools for memory analysis.
00:15
For this lab you will need a machine running a recent version of Windows. Here we have our Windows 10 operating system.
00:21
You will also need a web browser to download the tools.
00:25
Whether it is a virtual machine, a lab machine, or a machine of your own, log into the Windows machine,
00:32
go to the Control Panel,
00:41
System and Security,
00:43
select System.
00:49
Here, click Advanced system settings.
00:56
When the System Properties window appears, in the Advanced tab click the Settings button under the Startup and Recovery section.
01:11
Select Complete memory dump from the Write debugging information drop-down menu
01:19
and then click OK.
01:22
Usually it will ask you to restart the computer. You don't need to restart right now, as we're going to do that later.
01:27
Okay?
01:32
Now what we're going to do is open the web browser and download NotMyFault64.exe
01:40
by going to the website
01:45
live.sysinternals.com
01:56
and searching for the file name NotMyFault.
02:00
We're going to download NotMyFault64, since we're running a 64-bit operating system.
02:07
Save it to your computer.
02:09
We're going to save it on the local disk
02:13
in a folder named 10.
02:21
Now open an elevated command prompt window by clicking on the Start icon in the bottom left-hand corner, type cmd,
02:31
right-click on it and Run as administrator.
02:39
Change the directory. Point your command prompt directory to where NotMyFault is located by typing cd and the path.
02:50
In this case I'm going to a different disk.
02:54
I'm going to type the local disk,
03:00
then cd
03:01
and the path,
03:05
which is 10.
03:07
That is the folder where the file is located.
03:17
NotMyFault is a tool you can use to crash, hang, and cause kernel memory leaks on your Windows systems. It's useful for learning how to identify and diagnose device driver and hardware problems, and you can also use it to generate blue screen dump files on misbehaving systems.
03:37
In this case,
03:38
by typing the following,
03:42
we're going to use it.
03:44
We're going to crash the computer
03:46
and the system will create a large kernel dump file named memory.dmp.
03:57
After crashing and restarting the computer, we need to locate the dump file.
04:01
To locate the file, press R and the Windows key on your keyboard at the same time,
04:10
type systemroot
04:12
in the field and then press OK,
04:16
and you will see the file named memory.dmp.
04:24
Now we know how to create memory dumps. In the next video, we're going to learn how to analyze this type of memory dump file. Don't forget to check the references and supplementary material for more information.
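The same configuration the video makes through System Properties > Startup and Recovery can be scripted. The following PowerShell is an added example and is not code from the video or from Sysinternals: it sets the crash-dump type to complete, checks the paging-file size a complete dump depends on, and locates the resulting MEMORY.DMP after the reboot. It assumes the default CrashControl registry key and the default dump path; the crash itself is still triggered by running NotMyFault as administrator, whose command line the video does not show. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not code from the lab video or from Sysinternals): configure,
# check and locate a complete memory dump from an elevated PowerShell prompt.
# Assumes the default CrashControl key and the default %SystemRoot%\MEMORY.DMP path.

$CrashControl = 'HKLM:\SYSTEM\CurrentControlSet\Control\CrashControl'

function Set-CompleteMemoryDump {
    # CrashDumpEnabled: 0 = none, 1 = complete, 2 = kernel, 3 = small, 7 = automatic.
    # Value 1 is what "Complete memory dump" in the GUI drop-down sets.
    Set-ItemProperty -Path $CrashControl -Name CrashDumpEnabled -Value 1 -Type DWord
    # Same default the dialog shows; REG_EXPAND_SZ so %SystemRoot% is expanded at boot.
    Set-ItemProperty -Path $CrashControl -Name DumpFile -Value '%SystemRoot%\MEMORY.DMP' -Type ExpandString
    Get-ItemProperty -Path $CrashControl | Select-Object CrashDumpEnabled, DumpFile
}

function Test-PageFileForCompleteDump {
    # The dump is staged through the paging file on the boot volume, so a complete
    # dump needs a page file at least as large as physical RAM plus a small header.
    $ramMB     = [math]::Ceiling((Get-CimInstance Win32_ComputerSystem).TotalPhysicalMemory / 1MB)
    $bootDrive = $env:SystemDrive
    $pf = Get-CimInstance Win32_PageFileUsage | Where-Object { $_.Name -like "$bootDrive*" }
    if (-not $pf) {
        Write-Warning "No paging file on $bootDrive; a complete dump cannot be written."
        return $false
    }
    $pfMB = ($pf | Measure-Object AllocatedBaseSize -Sum).Sum   # AllocatedBaseSize is in MB
    Write-Host "RAM: $ramMB MB, page file on ${bootDrive}: $pfMB MB"
    if ($pfMB -lt ($ramMB + 1)) {
        Write-Warning "Page file too small for a complete dump; enlarge it (System Properties > Advanced > Performance > Settings > Advanced > Virtual memory) before crashing."
        return $false
    }
    return $true
}

function Find-MemoryDump {
    # After the crash, the dump is written during the following reboot. Look where
    # DumpFile points, which is what the video does with Win+R and "systemroot".
    $path = [Environment]::ExpandEnvironmentVariables((Get-ItemProperty -Path $CrashControl).DumpFile)
    if (Test-Path -LiteralPath $path) {
        Get-Item -LiteralPath $path |
            Select-Object FullName, @{ n = 'SizeGB'; e = { [math]::Round($_.Length / 1GB, 2) } }, LastWriteTime
    } else {
        Write-Warning "$path not found yet; the dump is written during the reboot after the crash."
    }
}

# Usage, in order:
Set-CompleteMemoryDump
Test-PageFileForCompleteDump
# ... run NotMyFault64.exe as administrator to crash the machine and wait for the reboot ...
Find-MemoryDump
```

A complete dump is a copy of all physical memory, so it is as large as the machine's RAM and contains whatever was in memory at the crash, including credentials and keys; store and share it as you would any other sensitive evidence. When the lab is over, set CrashDumpEnabled back to 7 (automatic) unless you need complete dumps on that machine permanently.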

Up Next

Windows Forensics and Tools

The Windows Forensics and Tools course focuses on building digital forensics knowledge of Microsoft Windows operating systems, as well as some compatible software or tools that can be used to obtain or process information in such systems.

Instructed By

Adalberto Jose Garcia
Information Security Analyst at Bigazi
Instructor