This lesson covers volatile memory capture. There are numerous programs to accomplish this; some of the well-known ones are:

· FTK Imager
· DumpIt
· Mandiant Redline

The best practice is to run the capture software from removable media on which it is already installed. This captures virtual memory without adding files to the system under investigation, which would cause valuable data to be overwritten.

After the data is collected, the following takes place:

· Disk encryption
· Forensic imaging
· Volatile memory analysis
· Analysis of data
· Reporting
Incident Response and Advanced Forensics
In this course, you will gain an introduction to Incident Response, learn how to develop three important protection plans, perform advanced forensics on the incident, deep dive into insider and malware threats, and commence incident recovery.