Malware and Memory Forensics

Malware & Memory Forensics Deep Dive

In this Malware & Memory Forensics workshop, you will learn how malware functions and how it is categorized. You will then be shown how memory is structured and how it works. The workshop includes plenty of hands-on memory forensics, and you will learn how to analyze memory to find evidence of malware.

Workshop Outline

  • a. Swap space analysis
  • b. Memory Analysis
  • c. Data acquisition as per RFC 3227

  • a. Current processes
  • b. Memory mapped files
  • c. Caches
  • d. Open Ports

  • a. Data structures
  • b. Windows Objects
  • c. Processes
  • d. Handles
  • e. Pool-tag scanning
  • f. %SystemDrive%/hiberfil.sys
  • g. Page/Swap File

  • a. Using Volatility
  • b. Dumpit.exe
  • c. hibr2bin
  • d. Win32dd
  • e. Win64dd
  • f. OSForensics


The purpose of the workshop is to teach students essential memory forensics. It assumes a basic understanding of PCs, networks, and basic forensics.

Who should attend?

This training is useful for any forensic investigator but is particularly interesting to those trying to trace data leaks, financial crimes, and cyber-related crimes. This workshop includes hands-on labs.
