If you’ve taken Investigating Windows Endpoints (or already have the equivalent knowledge), this is a natural continuation of the content that deep dives into Windows memory forensics. Learn the foundations of how Windows memory is structured, how to acquire memory, how to analyze memory images using Volatility, MemProcFS, and WinDbg, and more! This is for you.
Syllabus
Welcome and Introduction
Initial Setup
Foundations of Memory Forensics
Acquiring Memory
Poor Man’s Memory Forensics
Memory Analysis with Volatility
Malware Memory Analysis with Volatility
Memory Analysis with MemProcFS
Malware Memory Analysis with MemProcFS
Introduction to WinDbg
Additional Content
Knowledge Assessment