RAM Analysis

Live Forensics and RAM Analysis

You can download the course syllabus here: Advanced Live Forensics flyer

     RAM Analysis & Forensics Syllabus 4-Day Course

    We are pleased to announce the enhanced 4 day Advanced RAM Analysis course.

    The course is designed for Hi Tech Crime Units and other digital investigators who want to leverage RAM to acquire evidence or intelligence which may be difficult or even impossible to acquire from disk.  The course does not focus on the complex structures and technology behind how RAM works but rather how an investigator can extract what they need for an investigation quickly and simply.

    An 8gig ruggedized USB key is supplied for each student to keep with all software and RAM dumps.

    Syllabus

    • Live Forensic procedures
    • Live RAM imaging (Cmd line and GUI based)
    • Imaging Windows RAM to 8.1
    • Imaging Linux RAM
    • Imaging Intel Mac’s (OSX)
    • Volatile data acquisition
    • Disk imaging
    • Creating and scripting your own USB toolkits (Ruggedized USB keys to keep included)
    • Scripted disk imaging
    • Advanced Memory analysis
    • Extraction of bespoke file types
    • Extraction of Internet History
    • Extraction of Gmail contacts and other data
    • Extracting data from Hiberfil and Crashdump files
    • Understanding running processes and how they can help an investigation
    • Enumerating network sockets and connections
    • Finding and carving files for each process
    • Reconstructing the Internet History
    • Carving and investigating network packets
    • Understanding the PEB
    • Understanding the VAD
    • Extracting executables from memory samples
    • Virus checking RAM dumps
    • All new Malware section including Stuxnet, Zeus analysis and others
    • New Registry analysis section
    • Location and extraction of specific registry keys
    • Extracting the SAM and decrypting passwords
    • Finding other plain text passwords passwords
    • Cracking the OSX keychain
    • All new Linux RAM analysis section
    • Real world practicals
    • Loads more…..
    • New last day practical creating your own RAM analysis script to take away

    Cost – From £1650 + VAT (£1850 + VAT residential)

     

    Forthcoming Dates

    March 5th to 8th
    Sweden - Law Enforcement only

    July 9th to 12th
    West Midlands, UK - Law Enforcement only

    September 10th to 13th
    Finland - Law Enforcement only

    October 15th to 18th
    Sweden - Law Enforcement only


    The best forensics course I've ever done! - Swedish Police Officer

    Awesome detail about RAM stuff!

    Awesome detail about RAM stuff.

     

    Book your RAM Analysis course using the form below:


    Your Name: (required)

    Your Email: (required)

    Number of places: (required)

    Starting date of course:
    March 5th to 8th 2018July 9th to 12th 2018September 10th to 13th 2018October 15th to 18th 2018


    Subject

    Your Message :