All courses may now be found at SUMURI.COM. This course will remain live on UDEMY for existing students.
Conducting a RAM extraction as part of the computer evidence collection process is a front line examiner skill that is becoming more and more in demand. A system's live memory contains an assortment of valuable forensic data. A computer analyst trained in memory forensics can dig out evidence of hidden malware processes, user activity, and encryption keys or password hashes that may be critical to accessing protected data.
This class provides you with the foundation knowledge to help you make better decisions about whether or not to capture live memory. It also gives you hands-on experience using a number of freely available RAM capture tools and covers the advanced topic of using Inception.
Here are the tools I am using in class.
What we hope to accomplish in this section, as well as a discussion of the different modes RAM tools use.
A look at DumpIt as a RAM extraction option.
Let's see DumpIt in action and get some experience with it.
A look at RAM Capturer as a RAM extraction option.
Let's see RAM Capturer in action and get some experience with it.
Next, let's look at Magnet's RAM Capture tool.
Let's see Magnet's RAM Capture Tool in action and get some experience with it.
Sometimes it gets a bad rap, but FTK Imager can be a valid RAM capture option. Let me explain why.
Let's see FTK Imager in action and get some experience with it.
A free forensic boot disc loaded with freely available open source forensic tools.
In this section I will show you a boot disc that has Inception preloaded on it and walk you through the process of running a DMA attack in order to attempt to capture RAM. First, let's take a look at what Inception is and when you may use it.
Let's take a look at using Inception with PALADIN.
This is another RAM extraction option.
A review of the class.
Thank you for joining me in another edition of the Surviving Digital Forensics series. I hope you enjoyed the class. Visit us at SUMURI.COM to learn more about the SDF series, our other training, the SDF BLOG, and more.
Follow me on Twitter @LeclairDF to keep up to date on the latest happenings and upcoming courses in the SDF series. If you have an idea for a class let me know!
Also, be sure to check out our YouTube channel: SumuriNews.
Over twelve years of experience as a Computer Forensic Analyst, author, and developer of computer forensic training and analysis tools. Specialties include: Windows forensics, Mac forensics, iOS forensics, Mac Server forensics, and mobile device forensics. Creator of the "Surviving Digital Forensics" series and part of SUMURI's RECON for Mac OS X development team.
Certifications include: CFCE, CISSP, CCE, EnCE, A+, Network+
Regularly instructs law enforcement, government, and corporate investigators, both nationally and internationally, in computer forensics.