Malware and Memory Forensics Training

NEW! All course content has been completely updated to coincide with the feature-parity release of Volatility 3!

Course Overview

This Malware and Memory Forensics Training course offered by the Volatility team is the only memory forensics course officially designed, sponsored, and taught by the core Volatility developers.

One of the main reasons Volatility was designed to be open source was to encourage and facilitate a deeper understanding of how memory analysis works, where the evidence originates, and how to interpret the data collected by the Framework’s extensive set of plugins. Now you can learn about these benefits firsthand from the developers of the most powerful, flexible, and innovative memory forensics tool.

Course Details

The ability to perform digital investigations and incident response is a critical skill for many occupations. Unfortunately, digital investigators frequently lack the training or experience to take advantage of the volatile artifacts found in physical memory. Volatile memory contains valuable information about the runtime state of the system, provides the ability to link artifacts from traditional forensic analysis (network, file system, registry), and provides the ability to uncover investigative leads that most analysts are unaware of. Malicious adversaries have been leveraging this knowledge disparity to undermine many aspects of the digital investigation process with such things as anti-forensics techniques, memory-resident malware, kernel rootkits, and encryption (file systems, network traffic, etc.). The only way to turn the tables and defeat a creative digital human adversary is through talented analysts.

This course demonstrates why memory forensics is a critical component of the digital investigation process and how investigators can gain the upper hand. The course will consist of lectures on specific topics in Windows and Linux memory forensics, followed by intense hands-on exercises to put the topics into real-world contexts. Our goal is to give you practical experience with all the major facets of memory analysis. For example, you’ll defeat disk encryption, recover cached passwords, investigate insider theft, complement network forensics with data you find in memory, and hunt for attackers throughout corporate networks. We still leave enough room for detecting common RATs and hacker tools, reversing packed/compressed malicious code, and generating timelines from memory. You’ll even customize your own automated memory artifact scanner and engage in a fast-paced, challenging CTF that involves corroborating evidence across multiple memory samples (i.e., Windows PCs, Linux servers).

This course is intended for malware analysts, reverse engineers, incident responders, digital forensics analysts, law enforcement officers, federal agents, system administrators, corporate investigators, or anyone who wants to develop the skills necessary to combat advanced adversaries. Whether your interest is recreational, inspired by college or university study, or for the advancement of your career, we invite you to bring your curiosity and enthusiasm to this weeklong journey to the center of memory forensics.

This is the only memory forensics training course that is endorsed by the Volatility Foundation.

This Course Includes

  • In-depth lectures and hands-on labs
  • A copy of the presentation materials
  • A copy of The Art of Memory Forensics
  • A copy of the lab guide, including an answer key
  • Hands-on experience with a trial copy of Volexity Surge Collect Pro, the industry’s most reliable memory acquisition software
  • An installation script to transform Kali Linux instances into fully configured class virtual machines
  • Exclusive access to bleeding-edge Volatility plugins before they are released publicly
  • Personalized course completion certificate with CPE credits
  • An opportunity to enroll in the Volatility Training Alumni mailing list

ART OF MEMORY FORENSICS

The course includes a copy of The Art of Memory Forensics; however, we encourage you to read as much as you can before class begins. Once you register for the course, you can request your copy through email and we’ll ship one to your desired destination. Hard/paper copies only ship to addresses within the continental U.S. For other locations, please request a digital copy (eBook, Mobi, or PDF).

VOLEXITY SURGE COLLECT PRO

We are offering discounts on Volexity Surge Collect Pro at the time of registration, so you’ll be fully equipped with powerful and reliable tools for collecting live response data, including RAM. For more information on this package deal, see our Memory Forensics Training FAQ.

Qualifications

Prerequisites

  • Students should have some experience with The Volatility Framework or other memory forensics tool(s).

  • Students should possess a basic knowledge of digital forensic investigation tools and techniques.

  • Students should be comfortable with general troubleshooting of both Linux and Windows (setup, configuration, networking).

  • Students should be familiar with popular system administration tools (e.g., Sysinternals Suite).

  • Students should be comfortable using the command line. 

  • Students should have a basic understanding of C/C++, Perl or Python. 

Requirements

In order to fully participate in the course, students are required to bring a properly pre-configured laptop. It is the student’s responsibility to make sure the laptop is set up prior to the beginning of the course. There is no time built into the course schedule to help people configure machines, so please let us know ahead of time if you have any questions or problems. The laptop can run Windows, Linux, or OSX as a host operating system, but it must be capable of virtualization. To ensure that you come prepared, we send registered attendees a training lab preparation guide in advance.

 

COURSE AVAILABILITY & REGISTRATION

Registration is currently OPEN for the following events. The price is per person (see our FAQs for any applicable discounts).

To register, first request an invite or send us an email at voltraining@memoryanalysis.net.

In-Person Memory Forensics Training Course

Online Training Course

Availability: Always available
Location: Virtual

Course Fee: USD $4,800

Engage in Windows and Linux Malware and Memory Forensics Training from the comfort of your home! This self-paced course includes video modules and hands-on labs developed by core Volatility developers.

This course is designed to prepare you for practical situations involving real adversaries and serious risks. You will not only learn how to detect and thoroughly investigate frequently used attacker techniques, but you’ll learn about the more covert ones that most analysts don’t even know about. You’ll execute these investigations using cutting-edge software that the instructors have developed for exactly these types of situations.

You’ll also have exclusive access to the course instructors as you make your way through the course content!

Learn about our Private Course Offerings!

For more information or any further assistance regarding courses or admission, you can visit our contact us page.