SDF: Memory Forensics 1

Master Windows memory forensics with Volatility. Conduct compromise assessments, analyze memory images, and gain valuable skills for incident response in just one hour.


Brief Summary

In this fun course, you’ll dive into Windows memory forensics and learn how to use Volatility to assess compromises quickly. You’ll be hands-on with raw memory and plugins, all in about an hour, using free tools. Super easy and effective for beginners and pros alike!

Key Points

  • Use Volatility for memory forensics.
  • Conduct a quick compromise assessment.
  • Work with raw memory images and hibernation files.
  • Run and interpret plugins effectively.
  • Hands-on practice reinforces what you learn.

Learning Outcomes

  • Become skilled in using Volatility for memory analysis.
  • Master fast-triage techniques for detecting compromises.
  • Gain confidence in interpreting plugin outputs.
  • Understand raw memory and hibernation files.
  • Engage in practical exercises to solidify your skills.

About This Course

Learn Windows memory forensics

*** COURSE COMPLETELY REWRITTEN AND UPDATED 2019 ***

Learn to use Volatility to conduct a fast-triage compromise assessment.

A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation, and an assortment of file-use and knowledge evidence, making it a valuable skill both for incident response triage work and for digital forensic examinations involving litigation.

This class teaches students how to conduct memory forensics using Volatility.

  • Learn how to do a fast-triage compromise assessment
  • Learn how to work with raw memory images, hibernation files and VM images
  • Learn how to run and interpret plugins
  • Hands-on practicals reinforce learning
  • Learn all of this in about one hour using all freely available tools.
  • Learn how to use Volatility
  • Learn to do a fast-triage compromise assessment
  • Understand plugin output for investigations

Instructor

Michael Leclair

Over 20 years of experience in Digital Forensics and Security Incident Response. Investigations span corporate (Fortune 500) incident response, technical litigation support for civil and criminal cases, and e-discovery. Author and developer of computer forensic training and analysis tools. Specialties include Windows forensics, Linux forensics, Mac forensics, and mobile device forensics. Certifications include: C|EH, CFCE, CISSP, EnCE, CCE.

Review
4.9 course rating
4K ratings
Neeraj R.
4.0
9 months ago

The course is good to begin with; however, it would have been better to cover the setup of Volatility on different platforms instead of directly using a ready-made distro.

It would have been better to cover a bit of theory about the subject of the course, e.g. memdump, mem.raw, hiberfil, etc.

The author could have also shown the live memory capture instead of pointing to another course that hasn't been updated since 2015. Overall it's a good course to begin with and then explore more based on the "The Art of Memory Forensics" book. It would be great to introduce more detailed courses at intermediate and advanced levels before anyone else does, to become the best-selling author in this field.

Md R. A.
5.0
9 months ago

Excellent content on memory forensics for the beginner. The "Triage" section is a must in this course.

Vismay P.
4.5
1 year ago

Wonderful teaching session with hands-on experience and basic coverage.

Vipin R.
5.0
1 year ago

It was an eye opener for me.

Min K. S.
5.0
1 year ago

Simple and thorough review of Volatility.

Chandan P.
3.0
1 year ago

Only theory; even theory can be covered through a doc or PDF.

Abin O. P.
3.5
1 year ago

The image given in resources that's said to be used in the lecture does not contain the anomalies shown in the lecture. Thus we cannot replicate the results. For example, I could not locate scvhost (misspelled process) when listing all Windows non-core processes. Neither could I locate q.exe and 3.exe listed during the boot-time check examples. The text file in the video seems edited to incorporate these results. Overall the course explanation was good except for the above issue.

Lucas F.
5.0
1 year ago

Clear, concise, easy to follow and understand.

Oscar D.
5.0
2 years ago

Good information

Jesus A.
5.0
2 years ago

It was an excellent choice, since it shows an additional new tool for memory analysis.
