RAM Analysis & Forensics Syllabus 4-Day Course
We are pleased to announce the updated 4 day Advanced RAM Analysis course ready for 2021!
The course is designed for Hi Tech Crime Units and other digital investigators who want to leverage RAM to acquire evidence or intelligence which may be difficult or even impossible to acquire from disk. The course does not focus on the complex structures and technology behind how RAM works but rather how an investigator can extract what they need for an investigation quickly and simply.
A significant time is spent in advanced memory data extraction and analysis techniques including reconstruction of file systems, password location, decryption and deconstruction of memory resident Malware such as Stuxnet. Also interesting, is creating and scripting your own memory analysis toolkit.
A 32GB ruggedized USB key (download for online courses) is supplied for each student to keep with all software and RAM dumps.
An in-depth Syllabus can be found here. A brief summary of the syllybus can be found below.Syllabus
- Live Forensic procedures
- Live RAM imaging (Cmd line and GUI based)
- Imaging Windows 10 RAM
- Imaging Linux RAM
- Imaging Intel Mac’s (OSX)
- Disk imaging
- Creating and scripting your own USB toolkits (Ruggedized USB keys to keep included)
- Advanced Memory analysis using:
- Volatility 2
- Volatility 3
- Variety of other tools
- All new Decryption section
- OSX Keychain
- All new Malware section including Stuxnet deconstruction
- New Registry analysis section
- OSX RAM analysis
- Linux RAM analysis section
- Real world practicals
- Loads more.....
- Fianl day practical exam and review
Cost - From £1650 + VAT (£1850 + VAT residential)
The best forensics course I've ever done! - Swedish Police Officer