COURSE COMPLETELY REWRITTEN AND UPDATED 2019
Learn to use Volatility to conduct a fast-triage compromise assessment.
A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation, and an assortment of file use and knowledge evidence. These are valuable skills for both incident response triage work and digital forensic exams involving litigation.
This class teaches students how to conduct memory forensics using Volatility.
- Learn how to do a fast-triage compromise assessment
- Learn how to work with raw memory images, hibernation files and VM images
- Learn how to run and interpret plugins
- Hands-on practicals reinforce learning
- Learn all of this in about one hour using all freely available tools.
- Students need a PC, Mac or Linux system (virtual machine preferred)
- Willingness to learn!