Udemy
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
Development
Web Development Data Science Mobile Development Programming Languages Game Development Database Design & Development Software Testing Software Engineering Software Development Tools No-Code Development
Business
Entrepreneurship Communication Management Sales Business Strategy Operations Project Management Business Law Business Analytics & Intelligence Human Resources Industry E-Commerce Media Real Estate Other Business
Finance & Accounting
Accounting & Bookkeeping Compliance Cryptocurrency & Blockchain Economics Finance Finance Cert & Exam Prep Financial Modeling & Analysis Investing & Trading Money Management Tools Taxes Other Finance & Accounting
IT & Software
IT Certifications Network & Security Hardware Operating Systems & Servers Other IT & Software
Office Productivity
Microsoft Apple Google SAP Oracle Other Office Productivity
Personal Development
Personal Transformation Personal Productivity Leadership Career Development Parenting & Relationships Happiness Esoteric Practices Religion & Spirituality Personal Brand Building Creativity Influence Self Esteem & Confidence Stress Management Memory & Study Skills Motivation Other Personal Development
Design
Web Design Graphic Design & Illustration Design Tools User Experience Design Game Design 3D & Animation Fashion Design Architectural Design Interior Design Other Design
Marketing
Digital Marketing Search Engine Optimization Social Media Marketing Branding Marketing Fundamentals Marketing Analytics & Automation Public Relations Paid Advertising Video & Mobile Marketing Content Marketing Growth Hacking Affiliate Marketing Product Marketing Other Marketing
Lifestyle
Arts & Crafts Beauty & Makeup Esoteric Practices Food & Beverage Gaming Home Improvement & Gardening Pet Care & Training Travel Other Lifestyle
Photography & Video
Digital Photography Photography Portrait Photography Photography Tools Commercial Photography Video Design Other Photography & Video
Health & Fitness
Fitness General Health Sports Nutrition & Diet Yoga Mental Health Martial Arts & Self Defense Safety & First Aid Dance Meditation Other Health & Fitness
Music
Instruments Music Production Music Fundamentals Vocal Music Techniques Music Software Other Music
Teaching & Academics
Engineering Humanities Math Science Online Education Social Science Language Learning Teacher Training Test Prep Other Teaching & Academics
Web Development JavaScript React CSS Angular Node.Js PHP HTML5 WordPress
AWS Certification Microsoft Certification AWS Certified Solutions Architect - Associate AWS Certified Cloud Practitioner CompTIA A+ Amazon AWS Cisco CCNA AWS Certified Developer - Associate Microsoft AZ-900
Microsoft Power BI SQL Tableau Business Analysis Data Modeling Business Intelligence Blockchain MySQL Data Analysis
Unity Game Development Fundamentals Unreal Engine C# 3D Game Development C++ 2D Game Development Unreal Engine Blueprints Mobile Game Development
Google Flutter Android Development iOS Development React Native Swift Dart (programming language) Mobile Development Kotlin SwiftUI
Graphic Design Photoshop Adobe Illustrator Drawing Digital Painting InDesign Canva Art Composition Design Theory
Life Coach Training Neuro-Linguistic Programming Personal Development Personal Transformation Mindfulness Life Purpose Meditation CBT Cognitive Behavioral Therapy Sound Therapy
Business Fundamentals Entrepreneurship Fundamentals Freelancing Business Strategy Business Plan Startup Online Business Blogging Home Business
Digital Marketing Social Media Marketing Marketing Strategy Internet Marketing Google Analytics Email Marketing YouTube Marketing Copywriting Advertising Strategy

IT & Software Network & Security Computer Forensics

SDF: Memory Forensics 1

Learn Windows memory forensics
Rating: 4.5 out of 54.5 (282 ratings)
1,701 students
Created by Michael Leclair
Last updated 2/2019
English
English [Auto]

What you'll learn

  • Learn how to use Volatility
  • Learn to do a fast-triage compromise assessment
  • Understand plugin output for investigations
  • Learn the value of Windows core processes for exams

Requirements

  • Students need PC, Mac or Linux system (virtual machine preferred)
  • Willingness to learn!

Description

*** COURSE COMPLETELY REWRITTEN AND UPDATED 2019 ***

Learn to use Volatility to conduct a fast-triage compromise assessment.

A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation and an assortment of file use and knowledge evidence - valuable skills for both incident response triage work as well as in digital forensic exams involving litigation.

This class teaches students how to conduct memory forensics using Volatility.

  • Learn how to do a fast-triage compromise assessment

  • Learn how to work with raw memory images, hibernation files and VM images

  • Learn how to run and interpret plugins

  • Hands-on practicals reinforce learning

  • Learn all of this in about one hour using all freely available tools.

Who this course is for:

  • Computer forensic examiners
  • Computer crime investigators
  • Computer security incident responders
  • Security analysts
  • IT professionals
  • Students

Course content

6 sections • 43 lectures • 1h 45m total length

  • Preview00:32
  • Preview02:30
  • Class setup
    02:16
  • Setup information
    00:13
  • Class Downloads
    00:06

  • Preview00:49
  • Preview04:30
  • About Processes
    02:09
  • Process demo
    04:19
  • Volatility overview
    01:52
  • Volatility setup
    01:08
  • Using Volatility
    03:32

  • Preview02:06
  • Identifying supported OS
    01:08
  • Supported Memory Formats
    01:22
  • Live captures
    05:36
  • RAM capture fundamentals
    00:07
  • Hiberfil & crash dumps
    02:32
  • Hiberfil & crash dump locations
    00:10
  • Practical: convert hiberfil.sys file
    10:01
  • VM hosts
    02:47

  • Section overview
    00:51
  • Overview of plugins
    01:33
  • Listing plugins
    01:02
  • Imageinfo
    02:38
  • KDBG scan
    01:35
  • OS upgrade issues
    01:42
  • PSLIST
    03:36
  • PSSCAN
    02:58

  • Preview00:50
  • Reference Material
    00:00
  • Windows core processes
    07:17
  • Collect running processes
    01:24
  • PSLIST - all WinCore check
    03:47
  • PSLIST - all non-WinCore check
    02:14
  • PSLIST - singleton check
    01:15
  • PSLIST - WinCore boot time check
    01:50
  • PSSCAN - all non WinCore
    06:24
  • PSSCAN - process sort
    03:35
  • Not boot time
    03:44

  • What's next?
    02:52
  • Conclusion
    04:13
  • Thank You!
    00:39

Instructor

Michael Leclair
DFIR Professional
Michael Leclair
  • 4.5 Instructor Rating
  • 1,531 Reviews
  • 5,712 Students
  • 15 Courses

Over 15 years of experience of Digital Forensic and Incident Response experience, author and developer of computer forensic training and analysis tools. Specialties include: Windows forensics, Mac forensics, iOS forensics, Mac Server forensics & mobile device forensics. 

Certifications include: CFCE, CISSP, CCE, EnCE, A+, Network+

Regularly instruct law enforcement, government and corporate investigators both nationally and internationally in computer forensics.

  • Udemy Business
  • Teach on Udemy
  • Get the app
  • About us
  • Contact us
  • Careers
  • Blog
  • Help and Support
  • Affiliate
  • Investors
  • Impressum Kontakt
  • Terms
  • Privacy policy
  • Cookie settings
  • Sitemap
  • Accessibility statement
Udemy
© 2021 Udemy, Inc.