SANS Digital Forensics and Incident Response Blog

BRAND NEW #DFIR COURSE - Windows Memory Forensics In-Depth

Memory analysis is one of the most in-demand skills for digital forensics, incident response, and malware analysts today. This August, SANS is introducing a brand new 5-day class dedicated to Windows Memory Forensics. The hands-on course, written by memory forensics pioneer Jesse Kornblum, is incredibly comprehensive and SANS is proud to offer it in the DC area as a beta preview course.

There are numerous benefits to taking the class early. First, you get to see the new material before anyone else. Second, the course is heavily discounted for the beta preview class so we can get feedback and fix anything in the course prior to the official release later this year. Having been to SANS events previously, we wanted to specifically invite you to attend this preview and see the new material before anyone else.

Washington D.C. — Metro Accessible

Aug 27th — 31st, 2012

https://www.sans.org/for526-beta-2012/description.php?tid=5355

Windows Memory Forensics In-Depth

Malware can hide, but it must run — The malware paradox is key to understanding that while intruders are becoming more advanced with anti-forensic tactics and techniques, it is impossible to hide their footprints completely from a skilled incident responder performing memory analysis. Learn how memory analysis works by studying memory structures and context, memory analysis methods, and the current tools used to parse system RAM.

Attackers will use anti-forensic techniques to hide their tracks. They use rootkits, file wiping, timestamp adjustments, privacy cleaners, and complex malware to hide in plain sight, avoiding detection by standard host-based security measures. Every action that adversaries take will leave a trace; you merely need to know where to look. Memory analysis will give you the edge that you need in order to discover advanced adversaries in your network.

FOR526 - Memory Analysis In-Depth is one of the most advanced courses in the SANS Digital Forensics and Incident Response Curriculum. This cutting-edge course covers everything you need to step through memory analysis like a pro.

We hope that you will consider attending the special preview course at the end of August in Washington D.C. This class is capped in size to keep the numbers intentionally low during the beta preview. If you plan to attend, consider signing up immediately.

Register early. During the beta run of the course, it will be listed at 1/2 price. We recommend you take advantage of this special offer to see the course before anyone else. Seats are truly limited. Consider signing up soon to guarantee a spot.

https://www.sans.org/for526-beta-2012/description.php?tid=5355