If you’ve taken Investigating Windows Endpoints (or already have the equivalent knowledge), this is a natural continuation of that content, diving deep into Windows memory forensics. Learn the foundations of how Windows memory is structured, how to acquire memory, how to analyze memory images using Volatility, MemProcFS, and WinDbg, and more! This is for you.
Syllabus
- Welcome and Introduction
- Initial Setup
- Foundations of Memory Forensics
- Acquiring Memory
- Poor Man’s Memory Forensics
- Memory Analysis with Volatility
- Malware Memory Analysis with Volatility
- Memory Analysis with MemProcFS
- Malware Memory Analysis with MemProcFS
- Introduction to WinDbg
- Additional Content
- Knowledge Assessment