Malware & Memory Forensics Deep Dive

In this Malware & Memory Forensics workshop, you will learn how malware functions and how it is categorized. You will then be shown the structure of memory and how memory works. There is plenty of hands-on memory forensics, and you will learn how to analyze memory to find evidence of malware.

On Demand

On Demand Instructor-led Training Videos

Official E-Courseware

Online CyberQ Labs

Certificate of Completion

One Additional Certification Course Included

Live Instructor-led Training (in-person or online)

Online Exam Prep (CEH, CHFI, CND Only)

Certification Exam

Exam Insurance Program

CodeRed Continuing Education Video Subscription

$499
$300
$165
$650

Unlimited On Demand (Club)

On Demand Instructor-led Training Videos

Official E-Courseware

Online CyberQ Labs

Certificate of Completion

Live Instructor-led Training (in-person or online)*

Exam Insurance Program

Online Exam Prep (CEH, CHFI, CND Only)

Certification Exam

Unlimited Additional Certification Course Included

CodeRed Continuing Education Video Subscription

$2,999
$480
$2,999
$2,999


Live

On Demand Instructor-led Training Videos

Official E-Courseware

Online CyberQ Labs

Certificate of Completion

Live Instructor-led Training (in-person or online)

Exam Insurance Program

Online Exam Prep (CEH, CHFI, CND Only)

Certification Exam

One Additional Certification Course Included

CodeRed Continuing Education Video Subscription

$2,999
$480
$2,999
$2,999

*Upgrade any course to live training for $499


Course Outline

I. Types of Analysis

  • a. Swap space analysis
  • b. Memory Analysis
  • c. Data acquisition as per RFC 3227

II. In-memory data

  • a. Current processes
  • b. Memory mapped files
  • c. Caches
  • d. Open Ports

III. Memory Architectural Issues

  • a. Data structures
  • b. Windows Objects
  • c. Processes
  • d. Handles
  • e. Pool-tag scanning
  • f. %SystemDrive%/hiberfil.sys
  • g. Page/Swap File

IV. Tools used

  • a. Using Volatility
  • b. DumpIt.exe
  • c. hibr2bin
  • d. Win32dd
  • e. Win64dd
  • f. OSForensics

V. Registry in Memory

This training is useful for any forensic investigator but is particularly interesting to those trying to trace data leaks, financial crimes, and cyber-related crimes. This workshop includes hands-on labs.

The purpose of the workshop is to teach students essential memory forensics; this workshop assumes a basic understanding of PCs, networks, and basic forensics.

Save big. Join the club.

As an iClass Club member, you receive unlimited access to EC-Council’s library of video courses. Upgrade to live classes for only $499 each during the subscription year.

You can even finance your Club membership through our partnership with Affirm. In the cart, you’ll be able to split your purchase into easy monthly payments. Term lengths range from 3 to 36 months depending on eligibility and purchase amount, with rates starting as low as 0% APR.

*Your rate will be 0% APR or 10–30% APR based on credit and is subject to an eligibility check. 0% APR is subject to change. Payment options through Affirm are provided by these lending partners: affirm.com/lenders. Options depend on your purchase amount, and a down payment may be required. US Residents Only.

Certification Club Benefits:

Don’t limit yourself to one class per year. Join the iClass Club and get your cybersecurity training directly from the source! No one course can make you an expert, so take advantage of EC-Council Master trainers in each subject area and become a well-rounded cybersecurity professional.

For approximately the cost of one live course, the iClass Club will stretch your budget from one course to many. With savings like that, you can afford to build a strong foundation of cybersecurity knowledge in ethical hacking, pen testing, network defense, incident response, computer forensics, and so much more!

Get Started

One Year Subscription

$2,999

Access to EC-Council’s full library of on-demand courses

Official e-courseware

iLabs*

Certification exam*

Move to “enhance” to upgrade your experience.

Enhance

During your subscription, you can upgrade to a live course for $499!

Official Printed Courseware

iLabs*

Certification exam*

Lastly, receive ongoing professional development by moving to the Continuing Education phase!

Continuing Education

One year of CodeRed

Included

Continue to learn and gather continuing education credits with CODERED!

Premium Content: 4000+ Premium Videos

Fresh Content: New courses and content are added weekly to keep up with the latest skills and technologies.

CodeRed course videos come with lab demos to reinforce course learning concepts and create a constant career learning companion.


Certification Club Terms:

*Not all courses and workshops have associated Labs and exams. Club members must complete 100% of a course before requesting their next course and to be eligible for that course’s exam voucher. CCISO students must meet the eligibility requirements to challenge the CCISO exam. Students who do not meet the CCISO qualifications must take the EISM exam. CodeRed subscription 12 months. Club membership applicable to EC-Council classes only and does not apply to third party or Hacker Halted classes. Devices such as drones or STORMs must be purchased separately at regular price. Drones and STORMs only ship to the US. Students outside of the US can attend drone workshops but must obtain a drone on their own. If a course version changes while your program is still active, you will be given updated material. If a course version changes after your Club is expired, you will need to purchase an extension to get the new version. Club valid for one year and term begins 24 hours after payment is received. After a period of one (1) year the program expires, and all courses are turned off. Lab access term is for 6 months from when a course is assigned. Additional lab time can be added for no extra charge upon request. Labs will not be extended beyond the Club term. Speak to your rep to extend your Club term for 1 year. Renewal price for the Club is $999. Discount not stackable. The Club is a single user license meaning that the courses cannot be shared, and the club is non-transferable.


If you are outside of North America and are interested in the club subscription, please click here.

Train now, pay later with Affirm.
