What you'll learn
- Learn how to use Volatility
- Learn to do a fast-triage compromise assessment
- Understand plugin output for investigations
- Learn the value of Windows core processes for exams
Requirements
- Students need a PC, Mac or Linux system (virtual machine preferred)
- Willingness to learn!
Description
*** COURSE COMPLETELY REWRITTEN AND UPDATED 2019 ***
Learn to use Volatility to conduct a fast-triage compromise assessment.
A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation and a range of file use and knowledge evidence. These are valuable skills for both incident response triage work and digital forensic exams involving litigation.
This class teaches students how to conduct memory forensics using Volatility.
- Learn how to do a fast-triage compromise assessment
- Learn how to work with raw memory images, hibernation files and VM images
- Learn how to run and interpret plugins
- Hands-on practicals reinforce learning
Learn all of this in about one hour using all freely available tools.
Who this course is for:
- Computer forensic examiners
- Computer crime investigators
- Computer security incident responders
- Security analysts
- IT professionals
- Students
Course content
- Class setup (02:16)
- Setup information (00:13)
- Class Downloads (00:06)
Instructor
Over 15 years of Digital Forensic and Incident Response experience; author and developer of computer forensic training and analysis tools. Specialties include: Windows forensics, Mac forensics, iOS forensics, Mac Server forensics and mobile device forensics.
Certifications include: CFCE, CISSP, CCE, EnCE, A+, Network+
Regularly instructs law enforcement, government and corporate investigators both nationally and internationally in computer forensics.