What you'll learn
- Learn how to use Volatility
- Learn to do a fast-triage compromise assessment
- Understand plugin output for investigations
- Learn the value of Windows core processes for exams
Requirements
- Students need PC, Mac or Linux system (virtual machine preferred)
- Willingness to learn!
Description
*** COURSE COMPLETELY REWRITTEN AND UPDATED 2019 ***
Learn to use Volatility to conduct a fast-triage compromise assessment.
A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation and an assortment of file use and knowledge evidence - valuable skills for both incident response triage work as well as in digital forensic exams involving litigation.
This class teaches students how to conduct memory forensics using Volatility.
Learn how to do a fast-triage compromise assessment
Learn how to work with raw memory images, hibernation files and VM images
Learn how to run and interpret plugins
Hands-on practicals reinforce learning
Learn all of this in about one hour using all freely available tools.
Who this course is for:
- Computer forensic examiners
- Computer crime investigators
- Computer security incident responders
- Security analysts
- IT professionals
- Students
Instructor
- 4.5 Instructor Rating
- 3,738 Reviews
- 11,170 Students
- 17 Courses
Over 20 years of experience in Digital Forensics and Security Incident Response. Investigations span corporate (Fortune 500) incident response, technical litigation support for civil and criminal cases, and e-discovery. Author and developer of computer forensic training and analysis tools. Specialties include Windows forensics, Linux forensics, Mac forensics, & mobile device forensics.
Certifications include: C|EH, CFCE, CISSP, EnCE, CCE