Udemy

SDF: Memory Forensics 1

via Udemy

Overview

Learn Windows memory forensics

What you'll learn:
  • Learn how to use Volatility
  • Learn to do a fast-triage compromise assessment
  • Understand plugin output for investigations
  • Learn the value of Windows core processes for exams

*** COURSE COMPLETELY REWRITTEN AND UPDATED 2019 ***

Learn to use Volatility to conduct a fast-triage compromise assessment.

A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation and an assortment of file use and knowledge evidence. These are valuable skills for both incident response triage work and digital forensic exams involving litigation.

This class teaches students how to conduct memory forensics using Volatility.

  • Learn how to do a fast-triage compromise assessment

  • Learn how to work with raw memory images, hibernation files and VM images

  • Learn how to run and interpret plugins

  • Hands-on practicals reinforce learning

  • Learn all of this in about one hour using all freely available tools.

Syllabus

  • Introduction
  • About Volatility and memory forensics
  • About memory images
  • Using plugins
  • Triage with Volatility
  • Conclusion

Taught by

Michael Leclair

Reviews

4.5 rating at Udemy based on 587 ratings
