Getting Started with Memory Forensics Using Volatility

With the increasing sophistication of malware, adversaries, and insider threats, memory forensics is a critical skill that forensic examiners and incident responders should have the ability to perform.
Course info
Level
Intermediate
Updated
Oct 17, 2019
Duration
1h 22m
Table of contents
Course Overview
Getting Started with Volatility
Memory Profile Creation and Command-line Basics for Linux
Memory Profile Creation and Command-line Basics for macOS
Command-line Basics for Windows: Image Identification & Process Listing
Command-line Basics for Windows: Networking & Registry
Command-line Basics for Windows: Other Useful Commands
Tying It All Together
Description
Course info
Level
Intermediate
Updated
Oct 17, 2019
Duration
1h 22m
Description

Memory forensics is a critical skill that forensic examiners and incident responders should have the ability to perform. With the increasing sophistication of malware, adversaries, and even insider threats, relying just on dead-box forensics and other security tools without extracting the valuable information located in volatile memory can result in missing out on key artifacts needed for a forensic investigation. In this course, Getting Starting with Memory Forensics Using Volatility, you will gain a foundational knowledge of how to perform memory forensics using the Volatility framework. First, you will learn the background information of Volatility including how to download, configure, and run it. Next, you will explore how to utilize Volatility to perform memory forensics on Linux, macOS, and Windows memory images. Finally, you will go through a real life scenario entailing of a security incident in which we will leverage volatility to perform memory forensics on an image in order to discover what occurred on the victim host. When you're finished with this course, you will have the skills and knowledge needed to perform memory forensics using Volatility.

About the author
About the author

Collin Montenegro is a Cybersecurity professional who is passionate about all things cybersecurity and IT related!

Section Introduction Transcripts
Section Introduction Transcripts

Course Overview
[Autogenerated] Hi, everyone. My name is Colin Montenegro and welcome to my course getting started with memory forensics using volatility. I am a cyber security professional who was a blue team right heart. I also happen to be the founder of the largest cyber security group in Las Vegas named Shadow Syndicate. Overtime. The sophistication of malware adversaries and even insider threats have increased, making standard dead box forensics more difficult to obtain the necessary artifacts needed without the help of memory forensics. It is critical that forensic examiners and incident responders have the ability to perform memory forensics in order to ensure they're not leaving key evidence behind that could be used to help solve a forensics investigation. In this course, we're going to learn how to perform memory forensics, extracting key artifacts and information using a tool called Volatility. Some of the major topics that we will cover include a background on description of volatility, volatility, memory profile, creation in command line basics for Lennox volatility, memory profile creation and command line basics for Mac OS in volatility, command line basics for Windows. By the end of this course, you'll know had a fully leverage volatility to perform memory friend. It's on a memory image to help gather. Keep artifacts for forensics investigation before beginning the course. You should be familiar with the fundamental concepts of digital forensics as well as a basic understanding of the limits. Mac OS and Windows operating systems and their command line interface is. I hope you'll join me on this journey to learn how to use volatility to poor memory. Forensics with the getting started with memory Forensics using volatility course Apple site.