Monday 14th to Friday 18th January '19, 8:00 am to 5:00 pm | Venue: TBA | OMAN
Evidence present in volatile memory plays a major role in Digital Forensics and Incident Response. Enhancing the skills needed to analyze system memory and examine memory images will enable memory investigators to detect and identify malicious activities successfully. This three (03) day hands-on training course will give you a solid understanding of memory structures and practical experience in analyzing memory internals.
Acquisition of Memory: Learn how to extract data from the system memory.
Extracting System Memory of Windows 32/64 Bit Systems
Extracting and Converting Hibernation and Pagefile Memory
Acquiring Virtual Machine Memory
Introduction to Volatility
Memory Forensics Analysis Process: Learn how operating systems track DLLs, uncover hidden and unlinked DLLs, identify processes that are victims of code injection, and extract the affected memory segments.
Detect and Identify Rogue Processes
Analyze DLLs and Handles
Examining Network Artifacts
Hunting for Evidence of Code Injection
Find Suspicious Processes and Drivers
Memory Forensics Examinations: An introduction to the tools and techniques used to examine the data collected from memory.
Live Memory Forensics
Advanced Memory Analysis
Hunting for Code Injection, Malware, and Rootkit in Memory
Performing In-Memory Windows Registry Examinations
Detect Typed Adversary Command Lines
Examine Windows Services
Hunting Malware Using Comparison Baseline Systems
This training course consists of several hands-on lab sessions to provide you with the skills necessary for memory forensics.
LAB 1.1 – Data Collection
Extracting of Physical System Memory
Hibernation and Pagefile Memory
Virtual Machine Memory Acquisition
LAB 1.2 – Memory Analysis Using Volatility
Familiarity with general commands and methodology
Familiarity with VolShell
LAB 2.1 – Command-and-control botnet analysis
LAB 2.2 – Command line extraction
LAB 3.1 – Windows Registry analysis
Participants must have a working knowledge of operating systems.
Mandatory Laptop Hardware Requirements
A laptop with a Core i5 processor, a minimum of 16 GB RAM, a 1 TB hard disk and a licensed version of Windows 10.
Each participant will be provided with all lab exercises, printed and soft copies of the slides, and mp3 files for each day.
Principal Consultant and Director at
EGUARDIAN™ Global Services
Shihan has over 17 years of experience in secure network design, penetration testing, incident response, forensics and malware reverse engineering. He has provided technology consulting, including architectural guidance, to many corporate and government sector organizations in aligning their businesses with security. Trained under the Volatility Foundation and the SANS Institute in the US, Shihan is a trusted leader and a trend setter in the Information Security marketplace.