Memory Forensics is an interesting topic and now a days a very crucial skill that Incident Responder should have to climb above the food chain. This course has been developed from absolute basics and with hands on practice for everyone. Memory forensics is an integral part of successful incident response investigations. Over the last year, incident response procedures have grown from investigating single computer images at time to investigating hundreds of thousand machines all at once. In the beginning of every investigation, the attacker is way ahead. Incident responders need to find ways to get ahead of the attackers quickly and kick them out of our networks. While there has been a lot of light shed on scaling hard drive artifact-based investigations to large numbers of endpoints, the memory forensics part has been the neglected part of classical forensics for a while.
Syllabus
- Introduction
- Memory Fundamentals
- Windows Acquisition Tools
- Windows Memory Leak
- Linux Acquisition Tools
- MacOS Acquisition Tools
- Introduction to Analysis Tools
- Introduction to Memory Management
- Windows Memory Analysis
- Linux Memory Analysis
- Memory Injection Techniques
- Hunting Malware in Memory
- Case Studies
- Docker Memory Forensics
- Assessment
