This course will include lectures followed by specific hands-on exercises to give you real-world context. (Bring your laptop for the practical labs.)
Memory forensics is a critical component of any investigation. Memory is volatile and contains valuable information about the runtime state of a system. Investigators often use the volatile artifacts found in physical memory to identify attacks and attackers.
The use of traditional forensic disk artifacts is becoming increasingly difficult. Attackers use many techniques to undermine a traditional investigation, and the use of anti-forensics and memory-resident malware is on the rise.
The goal is to give you practical experience with memory analysis, including the use of the Volatility framework in conjunction with YARA to identify malware running in memory.