Master Windows memory forensics with hands-on training using Volatility. Learn to script and automate malware assessments efficiently.
This course dives into Windows memory forensics with a focus on using Volatility. You'll get hands-on with memory images, automate tasks with scripting, and learn to identify and analyze malware, all within a chill one-hour session with free tools. Easy peasy, right?
Learn Windows memory forensics
Learn to script Volatility and conduct a malware compromise assessment.
This class provides you with hands on training working with a memory image in order to find evidence of compromise. Step-by-step the course teaches students how to automate memory forensic processing as well as how to interpret the findings. By the end of the course students will have an efficient forensic tool and methodology that may be used for any windows memory forensic exam.
This class teaches students how to conduct memory forensics using Volatility.
Learn how to use & combine plugin results to identify malware
Learn how to create a script to automate running plugins and post-processing data refinement
Learn how to run and interpret plugins
Hands-on practicals reinforce learning
Learn all of this in about one hour using all freely available tools.
Learn how to use Volatility
Learn to do a fast-triage malware compromise assessment
Understand plugin output for investigations
7 Lectures
15 Lectures
8 Lectures
5 Lectures
4 Lectures
Over 20 years of experience in Digital Forensics and Security Incident Response. Investigations span corporate (Fortune 500) incident response, technical litigation support for civil and criminal cases, and e-discovery. Author and developer of computer forensic training and analysis tools. Specialties include Windows forensics, Linux forensics, Mac forensics, & mobile device forensics. Certifications include: C|EH, CFCE, CISSP, EnCE, CCE
confusing setup process
Good
Good! was hoping for more theory on processes and more indepth on all the volatility modules, but this was also pretty helpfull
Very good course and practical explanations for tools.
I expected to learn what to look for in memory, not how to automically run volatility commands with a script.
This course seemed to be more about writing a bash script for volatility rather than a more in depth expansion on the plugins of volatility and doing memory forensics.
great course, only at the end I realized why it didn't work the way it was shown in the beginning and only at the end it was shown what should I do and also that why the results were different from the demo
Great course
nice
Your email address will not be published. Required fields are marked *
Neeraj R.
The course revolves around a script and a walk through of it instead of the actuals hands on. The topics were already covered in SDF1, same thing is explained here via script which doesn't make sense with the Title 2.
Half of the course is useless for someone already done SDF 1, moreover the script doesn't run, neither creates desired /exports and results as shown