Surviving Digital Forensics: RAM Extraction Fundamentals
3.8 (25 ratings)
382 students enrolled
Learn how to apply RAM extraction basics and get hands on experience using RAM capture tools - including Inception
Created by Michael Leclair
Last updated 5/2015
English
Price: $150
30-Day Money-Back Guarantee
Includes:
  • 1 hour on-demand video
  • 3 Articles
  • Full lifetime access
  • Access on mobile and TV
  • Certificate of Completion
What Will I Learn?
  • Learn why RAM extractions are important to computer forensic investigations
  • Learn what types of valuable data may be stored in memory
  • Learn what to consider when making the decision to capture RAM
  • Get hands on experience using different RAM capture tools
  • Learn how to evaluate and benchmark your RAM extraction tools
  • Learn how to use INCEPTION to access password protected systems in order to capture RAM
Requirements
  • You will need a Windows 7/8 system
  • I recommend you use either a virtual machine or test system to do the RAM capture practicals on
  • A USB hard drive is recommended as your RAM collection media (USB flash drives are acceptable). Format it NTFS or exFAT rather than FAT32: FAT32 cannot hold a single file larger than 4 GB, so a dump of a system with more RAM than that will fail to write.
  • All the RAM capture tools are free to use and are provided as part of the class
  • You will need to download PALADIN (open source ISO) from SUMURI.COM for the INCEPTION practical
Description

All courses may now be found at SUMURI.COM. This course will remain live on Udemy for existing students.

Conducting a RAM extraction as part of the computer evidence collection process is a front-line examiner skill that is increasingly in demand. A system's live memory contains an assortment of valuable forensic data. A computer analyst trained in memory forensics can dig out evidence of hidden malware processes, user activity, and encryption keys or password hashes that may be critical to accessing protected data.

This class provides you with the foundation knowledge to help you make better decisions about whether or not to capture live memory. It also gives you hands-on experience using a number of freely available RAM capture tools and covers the advanced topic of using Inception.

  • Learn why RAM extractions are important and how the data can affect your case.
  • Practical exercises give you hands on experience with different RAM extraction tools.
  • Learn how to evaluate and benchmark your RAM capture tools.
  • Learn how to use PALADIN to launch INCEPTION to gain access to password protected systems in order to extract RAM.
  • Learn all of this in about one hour using all freely available tools.
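To make the "evaluate and benchmark your RAM capture tools" point concrete, here is an added Python example; it is not part of the course and is not code from any of the tools the course covers. It assumes the capture tool wrote a raw, page-aligned memory image and that the examiner recorded the target's installed RAM before the capture (the `expected_bytes` argument). The function names, the `benchmark_capture` command-line argument, and the small synthetic dump it builds are all constructed for illustration.

```python
# Added example (not the course's or any capture tool's code): post-capture
# checks and a simple benchmark for a raw RAM image. Assumes the tool wrote a
# raw, page-aligned image and that expected_bytes is the installed RAM the
# examiner recorded before the capture.
import hashlib
import os
import subprocess
import tempfile
import time

PAGE_SIZE = 4096  # x86/x64 page size; zero-fill is measured per page


def _evaluate_chunks(chunks, expected_bytes):
    """Hash the image, time the read, and count pages that are entirely 0x00."""
    sha256 = hashlib.sha256()
    size = zero_pages = total_pages = 0
    start = time.perf_counter()
    for chunk in chunks:
        sha256.update(chunk)
        size += len(chunk)
        for off in range(0, len(chunk), PAGE_SIZE):
            page = chunk[off:off + PAGE_SIZE]
            total_pages += 1
            if page.count(0) == len(page):  # every byte is zero
                zero_pages += 1
    elapsed = time.perf_counter() - start
    return {
        "size_bytes": size,
        "size_matches": size == expected_bytes,
        "sha256": sha256.hexdigest(),
        "zero_page_ratio": zero_pages / total_pages if total_pages else 1.0,
        "read_mb_per_s": (size / (1 << 20)) / elapsed if elapsed > 0 else 0.0,
    }


def evaluate_bytes(data, expected_bytes):
    """Evaluate an image already held in memory (used here for the sample)."""
    return _evaluate_chunks([data], expected_bytes)


def evaluate_dump(path, expected_bytes, chunk_size=1 << 20):
    """Evaluate an image on disk; chunk_size must be a multiple of PAGE_SIZE
    so that page boundaries line up across chunks."""
    def chunks():
        with open(path, "rb") as fh:
            while True:
                chunk = fh.read(chunk_size)
                if not chunk:
                    return
                yield chunk
    return _evaluate_chunks(chunks(), expected_bytes)


def benchmark_capture(argv, output_path, expected_bytes):
    """Run a capture tool (argv is hypothetical, e.g. a DumpIt command line),
    time the capture itself, then evaluate the image it wrote."""
    start = time.perf_counter()
    subprocess.run(argv, check=True)
    capture_seconds = time.perf_counter() - start
    report = evaluate_dump(output_path, expected_bytes)
    report["capture_seconds"] = capture_seconds
    return report


def build_sample_dump(pages=64, zero_pages=16):
    """Constructed stand-in for a capture: zero_pages empty pages followed by
    patterned pages (the pattern contains 0x00 bytes but is never all-zero)."""
    pattern = bytes(range(256)) * (PAGE_SIZE // 256)
    return bytes(PAGE_SIZE * zero_pages) + pattern * (pages - zero_pages)


def write_sample_dump(path=None):
    """Write the constructed sample to disk (a temp file unless path is given)."""
    if path is None:
        fd, path = tempfile.mkstemp(suffix=".raw")
        os.close(fd)
    with open(path, "wb") as fh:
        fh.write(build_sample_dump())
    return path


if __name__ == "__main__":
    sample = write_sample_dump()
    for key, value in evaluate_dump(sample, expected_bytes=64 * PAGE_SIZE).items():
        print(f"{key}: {value}")
    os.remove(sample)
```

Two captures of the same machine taken minutes apart will never hash-equal, so when comparing tools compare size, zero-page ratio, capture time and read throughput rather than digests; the SHA-256 is there to document each individual capture for chain of custody. A high zero-page ratio is a prompt to look closer, not proof of a failed capture, since free memory on Windows is normally zero-filled, and a size that does not match installed RAM should be explained (some tools image the physical address space rather than just populated RAM) rather than ignored.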
Who is the target audience?
  • This course is designed for computer forensic examiners that conduct on-scene triage and data collection
  • This course is appropriate for IT professionals that wish to learn more about RAM extraction fundamentals and tools
  • This course is appropriate for students that wish to learn more about RAM extraction fundamentals and get experience with RAM capture tools
Curriculum For This Course
21 Lectures
01:07:35
Introduction
2 Lectures 08:07

Welcome to the SDF Series!

Preview 05:28

A few tips to help you get the most out of this training.

Preview 02:39
RAM Extraction Fundamentals
3 Lectures 21:04

A look at what Windows systems store in RAM and its related forensic value.

Preview 08:42

Factors to consider when deciding whether or not to extract RAM.

The RAM Debate
09:03

Let's talk about hardware choices and how they affect RAM extractions.

Setting up for success
03:19
Hands-On with RAM Tools
10 Lectures 20:31

Here are the tools I am using in class.

RAM Tools for Class
00:16

What we hope to accomplish in this section as well as a discussion on the different modes RAM tools use.

Goals and Modes
02:34

A look at DumpIt as a RAM extraction option.

DumpIt Overview
01:42

Let's see DumpIt in action and get some experience with it.

DumpIt in Action
01:58

A look at RAM Capturer as a RAM extraction option.

Belkasoft's RAM Capturer Tool Overview
01:20

Let's see RAM Capturer in action and get some experience with it.

Belkasoft's RAM Capturer Tool in Action
01:44

Next, let's look at Magnet's RAM Capture tool.

Magnet RAM Capture Tool Overview
01:33

Let's see Magnet's RAM Capture Tool in action and get some experience with it.

Magnet RAM Capture Tool in Action
02:43

Sometimes it gets a bad rap, but FTK Imager can be a valid RAM capture option. Let me explain why.

FTK Imager RAM Capture Overview
02:50

Let's see FTK Imager in action and get some experience with it.

FTK Imager RAM Capture in Action
03:51
Using Inception
4 Lectures 14:12

A free forensic boot disc loaded with freely available open source forensic tools.

Download Paladin ISO
00:20

In this section I will show you a boot disc that has Inception preloaded on it and walk you through the process of running a DMA attack in order to attempt to capture RAM. First, let's take a look at what Inception is and when you may use it. Keep in mind that a DMA attack only works when the target exposes a DMA-capable interface (for example FireWire) and the operating system has not blocked DMA from that interface, so it will not succeed on every locked system.

Inception Overview
07:21

Let's take a look at using Inception with PALADIN.

Inception in Action
06:10

This is another RAM extraction option.

Note about INCEPTION and RAM Capture
00:20
Conclusion
2 Lectures 03:30

A review of the class.

Review
02:52

Comprehension Quiz
5 questions

Thank you for joining me in another edition of the Surviving Digital Forensics series, I hope you enjoyed the class. Visit us at SUMURI.COM to learn more about the SDF series, our other training, the SDF BLOG, and more.

Follow me on Twitter @LeclairDF to keep up to date on the latest happenings and upcoming courses in the SDF series. If you have an idea for a class let me know!

Also, be sure to check out our YouTube channel: SumuriNews.

Thank you and final thoughts
00:38
About the Instructor
Michael Leclair
4.6 Average rating
318 Reviews
2,251 Students
15 Courses
Computer Forensic Analyst

Over twelve years of experience as a Computer Forensic Analyst, author and developer of computer forensic training and analysis tools. Specialties include: Windows forensics, Mac forensics, iOS forensics, Mac Server forensics & mobile device forensics. Creator of the "Surviving Digital Forensics" series and part of SUMURI's RECON for Mac OS X development team.

Certifications include: CFCE, CISSP, CCE, EnCE, A+, Network+

Regularly instructs law enforcement, government and corporate investigators both nationally and internationally in computer forensics.