DEMYSTIFYING MEMORY: UNCOVER IT ALL!
Location
EGuardian Global Services
16th Floor, Access Tower II, Dawson Street, Colombo, WP 00200, Sri Lanka
Description
Evidence held in volatile memory plays a major role in Digital Forensics and Incident Response: running processes, loaded modules, network connections, injected code and typed command lines are often present only in RAM and leave little or nothing on disk. Building the skills to acquire system memory and examine memory images enables investigators to detect and identify malicious activity reliably.
This three-day hands-on training course will give you a solid understanding of memory structures and practical experience in analyzing memory internals.
Day 1
Acquisition of Memory: Learn how to capture the contents of system memory in a forensically sound way.
- Extracting System Memory of Windows 32/64 Bit System
- Extracting and Converting Hibernation and Pagefile Memory
- Acquiring Virtual Machine Memory
- Introduction to Volatility
Day 2
Memory Forensics Analysis Process: Learn how the operating system tracks loaded DLLs, uncover hidden and unlinked DLLs, identify processes that are victims of code injection, and extract the affected memory segments.
- Detect and Identify Rogue Processes
- Analyze DLLs and Handles
- Examining Network Artifacts
- Hunting for Evidence of Code Injection
- Detecting Rootkits
- Find Suspicious Processes and Drivers
Day 3
Memory Forensics Examinations: An introduction to the tools and techniques used to examine the data collected from memory.
- Live Memory Forensics
- Advanced Memory Analysis
- Hunting for Code Injection, Malware, and Rootkits in Memory
- Performing In-Memory Windows Registry Examinations
- Detect Typed Adversary Command Lines
- Examine Windows Services
- Hunting Malware Using Comparison Baseline Systems
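The Day 2 topics (hidden and unlinked DLLs, rogue processes) and the Day 3 baseline-comparison topic both rest on the same cross-view idea: the same fact about a system is recorded in several independent structures, and malware that tampers with one of them rarely tampers with all of them. The following is an added illustration, not course material or Volatility code: it reproduces in plain Python the comparisons that Volatility's pslist/psscan and ldrmodules plugins make, run over a constructed sample (hypothetical PIDs and paths, not output from a real memory image).

```python
# Added example: cross-view checks of the kind Volatility's pslist/psscan and
# ldrmodules plugins perform, run over constructed sample data (hypothetical
# PIDs and paths, not output from a real memory image).
from dataclasses import dataclass, field


@dataclass
class Process:
    pid: int
    name: str
    # Module paths from the three PEB loader lists (InLoadOrder,
    # InInitializationOrder, InMemoryOrder) and from the VAD tree (mapped images).
    in_load: set = field(default_factory=set)
    in_init: set = field(default_factory=set)
    in_mem: set = field(default_factory=set)
    vad_images: set = field(default_factory=set)


def hidden_processes(linked, scanned):
    """PIDs found by pool-tag scanning (psscan) but missing from the
    EPROCESS ActiveProcessLinks walk (pslist): the classic DKOM unlinking sign."""
    linked_pids = {p.pid for p in linked}
    return sorted(p.pid for p in scanned if p.pid not in linked_pids)


def unlinked_modules(proc):
    """Return (path, (load, init, mem, vad)) for every module whose presence
    differs across the four views. A DLL mapped in the VAD but absent from all
    three loader lists is what reflective or manually mapped injection looks like."""
    findings = []
    for path in sorted(proc.in_load | proc.in_init | proc.in_mem | proc.vad_images):
        views = (path in proc.in_load, path in proc.in_init,
                 path in proc.in_mem, path in proc.vad_images)
        if all(views):
            continue
        # The main executable is legitimately absent from InInitializationOrder.
        if path.lower().endswith("\\" + proc.name.lower()) and views == (True, False, True, True):
            continue
        findings.append((path, views))
    return findings


def baseline_delta(baseline, suspect):
    """(process name, module) pairs present in the suspect image but not in a
    clean baseline image of the same build: the comparison-baseline approach."""
    known = {(p.name.lower(), m.lower()) for p in baseline for m in p.vad_images}
    return sorted((p.name, m) for p in suspect for m in p.vad_images
                  if (p.name.lower(), m.lower()) not in known)


# Constructed sample: a clean explorer.exe, the same process with an injected
# DLL on the suspect box, and a process that only pool scanning can see.
SYS = {r"C:\Windows\System32\ntdll.dll", r"C:\Windows\System32\kernel32.dll"}
EXPLORER = r"C:\Windows\explorer.exe"
INJECTED = r"C:\Windows\Temp\inj.dll"

clean_explorer = Process(1234, "explorer.exe",
                         in_load=SYS | {EXPLORER}, in_init=set(SYS),
                         in_mem=SYS | {EXPLORER}, vad_images=SYS | {EXPLORER})
bad_explorer = Process(1234, "explorer.exe",
                       in_load=SYS | {EXPLORER}, in_init=set(SYS),
                       in_mem=SYS | {EXPLORER}, vad_images=SYS | {EXPLORER, INJECTED})
ghost = Process(666, "svch0st.exe", vad_images={r"C:\Users\Public\svch0st.exe"})

BASELINE_PSLIST = [clean_explorer]
SUSPECT_PSLIST = [bad_explorer]            # what walking the linked list shows
SUSPECT_PSSCAN = [bad_explorer, ghost]     # what pool-tag scanning shows


if __name__ == "__main__":
    print("hidden PIDs:", hidden_processes(SUSPECT_PSLIST, SUSPECT_PSSCAN))
    for path, views in unlinked_modules(bad_explorer):
        print("view mismatch in explorer.exe:", path, views)
    print("not in baseline:", baseline_delta(BASELINE_PSLIST, SUSPECT_PSSCAN))
```

The useful habit the example encodes is that a single view is never conclusive: a process missing from the active list is only suspicious when a scan still finds it, and a module missing from a loader list is only suspicious when the VAD still maps it. Legitimate exceptions (here, the main executable never appearing in the initialization-order list) have to be whitelisted explicitly, otherwise every process looks infected.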
This training course consists of several hands-on lab sessions to provide you with the necessary skills for memory forensics.
LAB 1.1 – Data Collection
LAB 1.2 – Memory Analysis Using Volatility
LAB 2.1 – Command-and-Control Botnet Analysis
LAB 2.2 – Command Line Extraction
LAB 3.1 – Windows Registry Analysis