Learn how to identify suspicious processes running in Windows memory

A system's memory contains an assortment of valuable forensic data. A computer analyst trained in memory forensics can use this data to determine if a system has been infected with malware - a valuable skill for both incident response triage work as well as in digital forensic exams involving litigation.

This class provides you with the foundation knowledge to help you identify suspicious processes running in memory. Learn how to conduct a "level 1" triage of Windows memory which includes observing running processes and being able to identify suspicious behaviors. Further memory analysis is based on the fundamentals taught here.

Learn about notable Windows processes found on most systems.
Learn how to profile legitimate process behavior.
Learn how to triage memory and identify suspicious processes.
Hands-on practicals reinforce learning
Learn a method to continue to teach yourself more about legitimate process behavior.
Learn all of this in about one hour using all freely available tools.

Download