OS Analysis with Volatility

In this course, you will learn how to perform OS analysis of volatile memory using Volatility, the most advanced memory forensics framework.
Course info
Level: Intermediate
Updated: Jun 25, 2021
Duration: 27m
Description

In this course, OS Analysis with Volatility, you will cover how to use Volatility to identify and detect evidence of suspected compromise, such as malicious commands and programs executed on a host computer system. You will learn how to extract the command line history from volatile memory. You will also learn how to initiate an investigation of malicious programs and how to defend against malicious program execution. When you are finished with the course, you will have the skills and knowledge to aid in mitigating techniques T1055 and T1059.

About the author

Tim Coakley is a Senior Security Solutions Architect for a large multi-national organisation and an author at PluralSight. Tim started a long and successful full-time career in Digital Forensics supporting the criminal justice system and law enforcement on a long list of criminal cases.

More from the author
Analyze Endpoint Data with Elasticsearch (Intermediate, 1h 31m, Sep 24, 2021)
File Analysis with TruffleHog (Intermediate, 23m, Apr 15, 2021)
Section Introduction Transcripts

Course Overview
Welcome to Pluralsight and this blue team tools course featuring Volatility, the open-source OS analysis tool developed and maintained by AAron Walters and the Volatility Foundation. Having the ability to perform deep-level analysis of systems within your organization provides a security professional with an enhanced ability to detect and respond to cybersecurity threats. And here we want to reduce the time between any suspected compromised system and your organization detecting and remediating it. Without this capability, the vital evidence of compromise may never be identified, leading to continued threats, impactful and serious security incidents, and you becoming the next data breach statistic. In this course, you'll learn how to use Volatility to analyze volatile memory. This will highlight the evidential benefits that are unique to this framework. We will specifically look for evidence of command line activity, but also for evidence of process injection. Both are common scenarios when a suspect system is being investigated, either as part of an incident response or forensic investigation process. If this is completely new to you, don't worry. Analysis of volatile memory can be very complex, and some would argue it is a dedicated job role to perform. This course will provide you with some simple techniques that you can use during a security incident that will better prepare you and help you understand the framework and its benefits. With this new knowledge, you will be able to build more effective triage capabilities for those more involved incidents and look at methods to mitigate threat actors targeting your organization. Volatility has been available for many years, yet many organizations may not consider memory analysis an effective use of often limited security resources. This course is aimed at all security professionals, whether for general awareness or to learn how to implement and use the tool. The open source version of the tool is free, free to use at no cost. Please join me in learning Volatility and start to learn how to enhance your blue team capabilities today.