Learn how to complete a malware triage exam of Windows memory

A system's memory contains an assortment of valuable forensic data. A computer analyst trained in memory forensics can use this data to determine if a system has been infected with malware - a valuable skill for both incident response triage work as well as in digital forensic exams involving litigation.

This class picks up where Memory Analysis 2 left off. It provides you with hands on training working with an infected sample of memory. The course walks you through a complete level 1 Windows memory triage using open source tools. Students will learn several techniques and methodologies to exam memory and identify potential malware.

Learn how to set up a Linux virtual machine forensic workstation loaded with tools
Learn how to leverage Volatility as a triage tool
Learn how to run several Volatility Plugins and interpret the findings
Learn how to refine results to quickly find potential malware
Learn how to pull the $MFT from memory and incorporate it into the triage process
Learn how to prepare and submit potential malware samples to VirusTotal to gain further insight
Hands-on practicals reinforce learning and builds confidence
Learn all of this in about one hour using all freely available tools.