Last updated 2/2019
MP4 | Video: h264, 1280x720 | Audio: AAC, 44.1 KHz
Language: English | Size: 1.34 GB | Duration: 1h 46m
Learn Windows memory forensics

What you'll learn
- Learn how to use Volatility
- Learn to do a fast-triage compromise assessment
- Understand plugin output for investigations
- Learn the value of Windows core processes for exams

Requirements
- Students need a PC, Mac or Linux system (virtual machine preferred)
- Willingness to learn!

Description
COURSE COMPLETELY REWRITTEN AND UPDATED 2019

Learn to use Volatility to conduct a fast-triage compromise assessment.

A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation and an assortment of file-use and knowledge evidence - valuable skills both for incident response triage work and for digital forensic exams involving litigation. This class teaches students how to conduct memory forensics using Volatility.

- Learn how to do a fast-triage compromise assessment
- Learn how to work with raw memory images, hibernation files and VM images
- Learn how to run and interpret plugins
- Hands-on practicals reinforce learning
- Learn all of this in about one hour using only freely available tools.
Overview

Section 1: Introduction
Lecture 1 Welcome & Introduction
Lecture 2 Class outline
Lecture 3 Class setup
Lecture 4 Setup information
Lecture 5 Class s

Section 2: About Volatility and memory forensics
Lecture 6 Section overview
Lecture 7 Forensic value
Lecture 8 About processes
Lecture 9 Process demo
Lecture 10 Volatility overview
Lecture 11 Volatility setup
Lecture 12 Using Volatility

Section 3: About memory images
Lecture 13 Section overview
Lecture 14 Identifying supported OS
Lecture 15 Supported memory formats
Lecture 16 Live captures
Lecture 17 RAM capture fundamentals
Lecture 18 Hiberfil & crash dumps
Lecture 19 Hiberfil & crash dump locations
Lecture 20 Practical: convert hiberfil.sys file
Lecture 21 VM hosts

Section 4: Using plugins
Lecture 22 Section overview
Lecture 23 Overview of plugins
Lecture 24 Listing plugins
Lecture 25 Imageinfo
Lecture 26 KDBG scan
Lecture 27 OS upgrade issues
Lecture 28 PSLIST
Lecture 29 PSSCAN

Section 5: Triage with Volatility
Lecture 30 Section overview
Lecture 31 Reference material
Lecture 32 Windows core processes
Lecture 33 Collect running processes
Lecture 34 PSLIST - all WinCore check
Lecture 35 PSLIST - all non-WinCore check
Lecture 36 PSLIST - singleton check
Lecture 37 PSLIST - WinCore boot check
Lecture 38 PSSCAN - all non-WinCore
Lecture 39 PSSCAN - process sort
Lecture 40 Not boot

Section 6: Conclusion
Lecture 41 What's next?
Lecture 42 Conclusion
Lecture 43 Thank You!

Who this course is for: Computer forensic examiners, Computer c investigators, Computer security incident responders, Security analysts, IT professionals, Students

HomePage:
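As an added example that is not part of the course material, the following script shows what the "singleton check" and a parent-relationship check from Section 5 look like when run over the text output of the Volatility 2 `pslist` plugin. It assumes the Volatility 2 command line (`vol.py -f <image> --profile=<profile> pslist`), the Windows 7 / Server 2008 R2 core-process tree (smss.exe started by System; services.exe, lsass.exe and lsm.exe started by wininit.exe), and a constructed `pslist` sample embedded in the script so that it runs offline; the core-process list, the expected-parent table and the sample data are the author's assumptions, not the course's.

```shell
#!/usr/bin/env bash
# Added example, not part of the course: post-process Volatility 2 `pslist` text output
# for two of the fast-triage checks the outline names (singleton check, parent check).
# Against a real image the input is produced with:
#   vol.py -f memory.raw imageinfo                           # suggested profiles
#   vol.py -f memory.raw --profile=Win7SP1x64 pslist > pslist.txt
#   core_process_check < pslist.txt
# Here the input is a CONSTRUCTED sample in pslist's text layout so the script runs offline.

# Windows core processes that exist exactly once on a running Windows 7 / 2008 R2 system
# (assumption). csrss.exe, winlogon.exe, svchost.exe and friends are per-session or
# multi-instance and are deliberately not listed.
SINGLETONS="System smss.exe wininit.exe services.exe lsass.exe lsm.exe"

# Expected parent image for each core process (Windows 7 assumption). wininit.exe is
# omitted: its parent is a session-0 smss.exe that has already exited, so a name
# lookup against running processes cannot resolve it.
PARENT_OF="smss.exe=System services.exe=wininit.exe lsass.exe=wininit.exe lsm.exe=wininit.exe"

# Constructed sample: one legitimate core-process tree plus a second "lsass.exe"
# spawned from svchost.exe in session 1, the classic masquerading pattern.
sample_pslist() {
cat <<'EOF'
Offset(V)          Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0xfffffa80018f9b30 System                    4      0     86      545 ------      0 2019-02-01 10:00:01 UTC+0000
0xfffffa8002bb3b30 smss.exe                248      4      2       29 ------      0 2019-02-01 10:00:01 UTC+0000
0xfffffa8003063b30 csrss.exe               336    328      9      427      0      0 2019-02-01 10:00:05 UTC+0000
0xfffffa80030e0060 wininit.exe             384    328      3       76      0      0 2019-02-01 10:00:05 UTC+0000
0xfffffa8003133b30 services.exe            480    384     11      239      0      0 2019-02-01 10:00:06 UTC+0000
0xfffffa8003140b30 lsass.exe               488    384      8      612      0      0 2019-02-01 10:00:06 UTC+0000
0xfffffa8003154b30 lsm.exe                 496    384     10      148      0      0 2019-02-01 10:00:06 UTC+0000
0xfffffa8003555b30 svchost.exe            1728    480      6      112      0      0 2019-02-01 10:00:08 UTC+0000
0xfffffa80034a2b30 lsass.exe              1840   1728      1       35      1      0 2019-02-01 10:27:44 UTC+0000
EOF
}

# Reads pslist text on stdin; prints one line per anomaly, nothing when the tree is clean.
core_process_check() {
  awk -v singles="$SINGLETONS" -v parents="$PARENT_OF" '
    BEGIN {
      ns = split(singles, s, " ")
      np = split(parents, p, " ")
      for (i = 1; i <= np; i++) { split(p[i], kv, "="); want_parent[tolower(kv[1])] = tolower(kv[2]) }
    }
    # Skip the two header lines. A filled Exit column pushes NF past 11, i.e. the
    # process has terminated; only running processes are counted.
    NR > 2 && NF <= 11 {
      name = tolower($2); pid = $3
      name_of[pid] = name
      ppid_of[pid] = $4
      count[name]++
    }
    END {
      # Singleton check: each core process must appear exactly once among running processes.
      for (i = 1; i <= ns; i++) {
        k = tolower(s[i]); c = count[k] + 0
        if (c != 1) printf "SINGLETON %s count=%d\n", s[i], c
      }
      # Parent check: every running instance of a core process must have the expected parent.
      for (pid in ppid_of) {
        n = name_of[pid]
        if (!(n in want_parent)) continue
        par = (ppid_of[pid] in name_of) ? name_of[ppid_of[pid]] : "<missing>"
        if (par != want_parent[n])
          printf "PARENT %s pid=%s ppid=%s parent=%s expected=%s\n", n, pid, ppid_of[pid], par, want_parent[n]
      }
    }'
}

sample_pslist | core_process_check
```

On the constructed sample the script reports `lsass.exe` twice: once because two running instances exist, and once because the second instance's parent is svchost.exe rather than wininit.exe. Processes that `pslist` shows with an Exit timestamp are ignored, which is why the check must be paired with the `psscan` output the outline covers separately: `pslist` walks the active process list, while `psscan` finds process objects by pool-tag scanning and can surface unlinked or terminated processes that never appear here.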