Hello all,
I'm looking at sending a couple of my guys on the CSITech RAM Analysis Course.
Has anybody done this, and did you think it was worthwhile?
We are particularly interested in pulling 'chat' artefacts from RAM (live and RAM dumps), as well as the pagefile and hiberfil. Is this covered on the course?
We have IEF, however we'd like to be able to do it ourselves and not rely solely on a tool to do it for us.
Many thanks,
Mark
I have no experience with the CSITech course; have you considered Volatility training? They are, literally, writing the book on Memory Forensics and Volatility is the rockstar of memory analysis…
I can second this - heard nothing but good things about Volatility.
Edit: On further reading, the CSITech course does include Volatility use! So my point is perhaps not especially helpful :)
Hello,
I just saw this course myself, and I think it's better to learn from the experts rather than someone else teaching their stuff.
We use Volatility, but only for very basic stuff, i.e. the stuff I learnt on the EnCase Advanced course.
I've pinged them to see if there are spaces left in London. Thanks for the heads up.
Mark
Hi guys, I run the CSITech training :)
The Volatility training is top-notch and I would highly recommend it. However, the course I run is a little different, as we look at a number of techniques and tools, although we do use Volatility quite a bit as it's brilliant.
The course does not include the Python programming aspect but is designed more for investigators to quickly learn to 'do damage' to a RAM dump and extract useful intel and evidence. The Volatility course is very malware-focused; although we do a day on malware, ours is more evidence-led.
This year I've taught this course at the Swedish Police Academy, the Dutch NHTCU and for the European Anti-Fraud Agency and have been invited back!
Please feel free to ping me on nick at csitech dot co dot uk and I'll happily provide references.
That said, the Volatility course is excellent, especially if you do a lot of malware investigations, so I would not wish to downplay it one little bit.
All the best
Nick
Hi,
I used to work in the Metropolitan Police Central e-Crime Unit (PCeU) technical team, which did the forensic work on their operations. I attended Nick's RAM course a few years ago, and at the time it was one of the 'must do' courses for that team. Learned loads, and guys from the PCeU team were able to put it into practice straight away.
Hantsray