RAM Analysis

Live Forensics and RAM Analysis

You can download the course syllabus here:- Advanced Live Forensics flyer

Book your chosen course here – Limited availability:-

 RAM Analysis & Forensics Syllabus 4-Day Course

We are pleased to announce the enhanced 4-day Advanced RAM Analysis course.

The best forensics course I’ve ever done! – Swedish Police Officer

The course is designed for Hi Tech Crime Units and other digital investigators who want to leverage RAM to acquire evidence or intelligence which may be difficult or even impossible to acquire from disk. The course does not focus on the complex structures and technology behind how RAM works, but rather on how an investigator can extract what they need for an investigation quickly and simply.

Awesome detail about RAM stuff!

An 8 GB ruggedized USB key, loaded with all software and RAM dumps, is supplied for each student to keep.

Syllabus

  • Live Forensic procedures
  • Live RAM imaging (Cmd line and GUI based)
  • Imaging Windows RAM to 8.1
  • Imaging Linux RAM
  • Imaging Intel Macs (OS X)
  • Volatile data acquisition
  • Disk imaging
  • Creating and scripting your own USB toolkits (Ruggedized USB keys to keep included)
  • Scripted disk imaging
  • Advanced Memory analysis
  • Extraction of bespoke file types
  • Extraction of Internet History
  • Extraction of Gmail contacts and other data
  • Extracting data from Hiberfil and Crashdump files
  • Understanding running processes and how they can help an investigation
  • Enumerating network sockets and connections
  • Finding and carving files for each process
  • Reconstructing the Internet History
  • Carving and investigating network packets
  • Understanding the PEB
  • Understanding the VAD
  • Extracting executables from memory samples
  • Virus checking RAM dumps
  • All new Malware section including Stuxnet, Zeus analysis and others
  • New Registry analysis section
  • Location and extraction of specific registry keys
  • Extracting the SAM and decrypting passwords
  • Finding other plain text passwords
  • Cracking the OSX keychain
  • All new Linux RAM analysis section
  • Real world practicals
  • Loads more…
  • New last day practical creating your own RAM analysis script to take away

Cost – £1650 + VAT (£1850 + VAT residential)