malware forensics

Malware and Memory Forensics

Malware and Memory Forensics

Malware & Memory Forensics Deep Dive

In this Malware & Memory Forensics workshop, you will learn details of how malware functions, and how it is categorized. Then you will be shown details of the structure of memory, and how memory works. There is plenty of hands-on memory forensics. You will learn how to analyze memory to find evidence of malware.

Workshop Outline

  • a. Swap space analysis
  • b. Memory Analysis
  • c. Data acquisition as per RFC 3227

  • a. Current processes
  • b. Memory mapped files
  • c. Caches
  • d. Open Ports

  • a. Data structures
  • b. Windows Objects
  • c. Processes
  • d. Handles
  • e. Pool-tag scanning
  • f. %SystemDrive%/hiberfil.sys
  • g. Page/Swap File

  • a. Using volatility
  • b. Dumpit.exe
  • c. hibr2bin
  • d. Win32dd
  • e. Win64dd
  • f. OSForensics

Objectives

The purpose of the workshop is to teach students essential memory forensics; this workshop assumes a basic understanding of PC’s, networks, and basic forensics.

Who should attend?

This training is useful for any forensic investigator but is particularly interesting to those trying to trace data leaks, financial crimes, and cyber-related crimes. This workshop includes hands-on labs.

Buy Self-Paced Training:

malware forensics

Or choose a training option:

Still have questions?

1-888-330-HACK

Mon – Fri / 8:00 AM – 5:00 PM

Email Us

Upcoming Live Malware & Memory Forensics Training:

For Self-Paced, On-Demand training, click here