Tag: Digital Forensic

If you’ve taken Investigating Windows Endpoints (or already have the equivalent knowledge), this is a natural continuation of the content that dives deep into Windows memory forensics. Learn the foundations of how Windows memory is structured, how to acquire memory, how to analyze memory images using Volatility, MemProcFS, and WinDbg, and more! This is for you.

Syllabus

Welcome and Introduction
Initial Setup
Foundations of Memory Forensics
Acquiring Memory
Poor Man’s Memory Forensics
Memory Analysis with Volatility
Malware Memory Analysis with Volatility
Memory Analysis with MemProcFS
Malware Memory Analysis with MemProcFS
Introduction to WinDbg
Additional Content
Knowledge Assessment

Investigating Windows Memory


FOR528 is a specialized course designed to equip cybersecurity professionals with the skills to investigate, respond to, and mitigate ransomware and cyber extortion attacks. The course covers the entire lifecycle of a ransomware incident, from initial infection and encryption to ransom negotiation, recovery, and forensic analysis.


FOR518 is the first non-vendor-based Mac and iOS incident response and forensics course that focuses students on the raw data, in-depth detailed analysis, and how to get the most out of their Mac and iOS cases. The intense hands-on forensic analysis and incident response skills taught in the course will enable analysts to broaden their capabilities and gain the confidence and knowledge to comfortably analyze any Mac or iOS device.


FOR508 is an advanced course designed for cybersecurity professionals who need to detect, investigate, and respond to sophisticated cyber threats, including advanced persistent threats (APTs) and targeted attacks. The course teaches cutting-edge digital forensics, threat hunting, and incident response techniques to track adversaries across compromised enterprise environments.


FOR498 is a specialized course designed for digital forensics professionals and incident responders who need to quickly acquire and assess evidence during critical cyber incidents. The course focuses on rapid data acquisition, efficient forensic analysis, and initial triage processes to support timely decision-making and incident response.


FOR500 is a specialized course designed to equip digital forensics professionals with the skills needed to investigate and analyze Windows-based systems. The course focuses on extracting and analyzing digital evidence from Windows operating systems, including artifacts related to user activity, system events, malware infections, and cyber attacks.
