SANS 526 (2017)

Sell your old stuff here or post requests for things you want. STRICTLY PRIVATE ADS ONLY.

Posted: Tue Nov 14, 2017 2:34 am

SANS FOR526 Memory Forensics In-Depth 2017


FOR526: Memory Forensics In-Depth provides the critical skills necessary for digital forensics examiners and incident responders to successfully perform live system memory triage and analyze captured memory images. The course uses the most effective freeware and open-source tools in the industry today and provides an in-depth understanding of how these tools work. FOR526 is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases.

In today's forensics cases, it is just as critical to understand memory structures as it is to understand disk and registry structures. Having in-depth knowledge of Windows memory internals allows the examiner to access target data specific to the needs of the case at hand. For those investigating platforms other than Windows, this course also introduces OSX and Linux memory forensics acquisition and analysis using hands-on lab exercises.

There is an arms race between analysts and attackers. Modern malware and post-exploitation modules increasingly employ self-defense techniques that include more sophisticated rootkit and anti-memory analysis mechanisms that destroy or subvert volatile data. Examiners must have a deeper understanding of memory internals in order to discern the intentions of attackers or rogue trusted insiders. FOR526 draws on best practices and recommendations from experts in the field to guide DFIR professionals through acquisition, validation, and memory analysis with real-world and malware-laden memory images.


The course materials are available for sale:
FOR526.1: Foundations in Memory Analysis and Acquisition
FOR526.2: Unstructured Analysis and Process Exploration
FOR526.3: Investigating the User via Memory Artifacts
FOR526.4: Internal Memory Structures
FOR526.5: Memory Analysis on Platforms Other than Windows
Workbook
USB flash



See also:
SANS FOR518: Mac Forensic Analysis course materials (2017)

SANS FOR508 Advanced Digital Forensics and Incident Response (2016)

SANS FOR500: Windows Forensic Analysis
_________________
Computer, Cell Phone & Chip-Off Forensics

linkedin.com/in/igormikhaylovcf 

Igor_Michailov
Senior Member
 
 
