CSITech - RAM Analysis Course

(@markl1975)
Posts: 63
Trusted Member
Topic starter
 

Hello all,

I'm looking at sending a couple of my guys on the CSITech RAM Analysis Course.

Has anybody done this, and did you think it was worthwhile?

We are particularly interested in pulling 'chat' artefacts from RAM (live and RAM dumps), as well as the pagefile and hiberfil. Is this covered on the course?

We have IEF, however we'd like to be able to do it ourselves and not rely solely on a tool to do it for us.

Many thanks,

Mark

 
Posted : 16/04/2014 7:40 pm
ForensicRanger
(@forensicranger)
Posts: 122
Estimable Member
 

I have no experience with the CSITech course; have you considered Volatility training? They are, literally, writing the book on Memory Forensics and Volatility is the rockstar of memory analysis…

 
Posted : 17/04/2014 5:51 pm
Chris_Ed
(@chris_ed)
Posts: 314
Reputable Member
 

I can second this - heard nothing but good things about Volatility. They have a course running in London in June, too.

Edit: On further reading, the CSITech course does include Volatility use! So my point is perhaps not especially helpful :)

 
Posted : 17/04/2014 7:33 pm
(@markl1975)
Posts: 63
Trusted Member
Topic starter
 

Hello,

I just saw this course myself, and I think it's better to learn from the experts rather than someone else teaching their stuff.

We use Volatility, but only for very basic stuff, i.e. the stuff I learnt on the EnCase Advanced course.

I've pinged them to see if there are spaces left in London. Thanks for the heads up.

Mark

 
Posted : 17/04/2014 7:54 pm
nickfx
(@nickfx)
Posts: 131
Estimable Member
 

Hi guys, I run the CSITech training :)

The Volatility training is top notch and I would highly recommend it. However, the course I run is a little different as we look at a number of techniques and tools although we do use Volatility quite a bit as it's brilliant.

The course does not include the Python programming aspect but is more designed for investigators to quickly learn to 'do damage' to a RAM dump and extract useful intel and evidence. The Volatility course is very malware focused and, although we do a day on malware, ours is more evidence led.

This year I've taught this course at the Swedish Police Academy, the Dutch NHTCU and for the European Anti-Fraud Agency and have been invited back!

Please feel free to ping me on nick at csitech dot co dot uk and I'll happily provide references.

That said, the Volatility course is excellent, especially if you do a lot of malware investigations, so I would not wish to downplay it one little bit.

All the best

Nick

 
Posted : 24/04/2014 9:41 pm
(@hantsray)
Posts: 1
New Member
 

Hi,

I used to work in the Metropolitan Police Central e Crime Unit (PCeU) technical team which did the forensic work on their operations. I attended Nick's RAM course a few years ago and at the time it was one of the 'must do' courses for that team. Learned loads and guys from the PCeU team were able to put it into practice straight away.

Hantsray

 
Posted : 24/04/2014 10:26 pm