Memory Analysis
World-Class Technical Training for Digital Forensics Professionals
Training Courses
Our training courses are designed to prepare you for practical situations involving real adversaries and serious risks. We not only teach you how to detect and thoroughly investigate frequently used attacker techniques, but we cover the more covert ones that most analysts don't even know about. You'll execute these investigations using cutting-edge software that our instructors developed for exactly these types of situations.
This course demonstrates why memory forensics is a critical component of the digital investigation process and how investigators can gain the upper hand. The course will consist of lectures on specific topics in Windows, Linux, and Mac OS X memory forensics followed by intense hands-on exercises to put the topics into real world contexts. Exercises will require analysis of malware in memory, kernel-level rootkits, registry artifacts found in memory, signs of data exfiltration, and much more. This course is your opportunity to learn these invaluable skills from the researchers and developers that have pioneered the field. This is also the only memory forensics training class that is authorized to teach Volatility, officially sponsored by The Volatility Project, and taught directly by the Volatility developers.
Instructors: Michael Ligh, Jamie Levy, Andrew Case
During this training, students will learn the theory around digital forensics and incident response, as well as gain valuable hands-on experience with the same types of evidence and situations they will see in real-world investigations. The class is structured so that a specific analysis technique is discussed and then the students immediately analyze staged evidence using their newly gained knowledge. Not only does this approach reinforce the material learned, but it also gives the investigator a number of new skills as the course proceeds. Upon completion of the training, students will be able to effectively preserve and analyze a large number of digital evidence sources, including both on-disk and in-memory data. These skills will be immediately usable in a number of investigative scenarios, and will greatly enhance even experienced investigators' skillsets. Students will also leave with media that contains all the tools and resources used throughout the training.
Instructors: Jamie Levy, Andrew Case