
Sdf: Memory Forensics 1

Posted By: ELK1nG

Last updated 2/2019
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.34 GB | Duration: 1h 46m

Learn Windows memory forensics

What you'll learn

Learn how to use Volatility

Learn to do a fast-triage compromise assessment

Understand plugin output for investigations

Learn the value of Windows core processes for exams

Requirements

Students need PC, Mac or Linux system (virtual machine preferred)

Willingness to learn!

Description

*** COURSE COMPLETELY REWRITTEN AND UPDATED 2019 ***

Learn to use Volatility to conduct a fast-triage compromise assessment.

A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation and an assortment of file use and knowledge evidence - valuable skills both for incident response triage work and for digital forensic exams involving litigation.

This class teaches students how to conduct memory forensics using Volatility.

Learn how to do a fast-triage compromise assessment

Learn how to work with raw memory images, hibernation files and VM images

Learn how to run and interpret plugins

Hands-on practicals reinforce learning

Learn all of this in about one hour using all freely available tools.

Overview

Section 1: Introduction

Lecture 1 Welcome & Introduction

Lecture 2 Class outline

Lecture 3 Class setup

Lecture 4 Setup information

Lecture 5 Class Downloads

Section 2: About volatility and memory forensics

Lecture 6 Section Overview

Lecture 7 Forensic value

Lecture 8 About Processes

Lecture 9 Process demo

Lecture 10 Volatility overview

Lecture 11 Volatility setup

Lecture 12 Using Volatility

Section 3: About memory images

Lecture 13 Section Overview

Lecture 14 Identifying supported OS

Lecture 15 Supported Memory Formats

Lecture 16 Live captures

Lecture 17 RAM capture fundamentals

Lecture 18 Hiberfil & crash dumps

Lecture 19 Hiberfil & crash dump locations

Lecture 20 Practical: convert hiberfil.sys file

Lecture 21 VM hosts

Section 4: Using plugins

Lecture 22 Section overview

Lecture 23 Overview of plugins

Lecture 24 Listing plugins

Lecture 25 Imageinfo

Lecture 26 KDBG scan

Lecture 27 OS upgrade issues

Lecture 28 PSLIST

Lecture 29 PSSCAN

Section 5: Triage with Volatility

Lecture 30 Section overview

Lecture 31 Reference Material

Lecture 32 Windows core processes

Lecture 33 Collect running processes

Lecture 34 PSLIST - all WinCore check

Lecture 35 PSLIST - all non-WinCore check

Lecture 36 PSLIST - singleton check

Lecture 37 PSLIST - WinCore boot time check

Lecture 38 PSSCAN - all non-WinCore

Lecture 39 PSSCAN - process sort

Lecture 40 Not boot time

Section 6: Conclusion

Lecture 41 What's next?

Lecture 42 Conclusion

Lecture 43 Thank You!

Computer forensic examiners

Computer crime investigators

Computer security incident responders

Security analysts

IT professionals

Students