SANS Digital Forensics and Incident Response Blog: Tag - Volatility

#FOR526 #MemoryForensics Course - Special Deal for Online Training and Capital City in July

FOR526 - 10% off for vLive (Online Live Training) or Capital City in July. Use code = m3mory. Continue reading #FOR526 #MemoryForensics Course - Special Deal for Online Training and Capital City in July


New Advanced Persistent Threat Based - FOR508 Released in On-Demand

It begins on Day 0: A 3-4 letter government agency contacts your organization about some data that was found at another location. Don't ask us how we know, but you should probably check out several of your systems. You are compromised by the APT. Most organizations are left speechless as 90% of all intrusions are … Continue reading New Advanced Persistent Threat Based - FOR508 Released in On-Demand


Digital Forensics Case Leads: Pwn2Own 2011 underway

Last week I was in Boston teaching SANS FOR 408: Computer Forensic Essentials, now renamed to Windows Forensics In-Depth. Thank you to all those in my class, it was fun. Huge thanks to my facilitator, Mike. I mention the course here, because I had a mix of students from experienced veterans to those brand new … Continue reading Digital Forensics Case Leads: Pwn2Own 2011 underway


Memory Forensic Acquisition and Analysis 101

Stop Pulling The Plug!!


Over the past several years, many tools have been released that focus on memory acquisition from Windows systems. The next step in memory forensics is analysis. Starting with the DFRWS 2005 challenge, memory forensic analysis moved beyond a rudimentary string search or data carve: analysts were finally able to extract process-related data from memory captured from a machine.
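The difference between a string search and structure-aware extraction is easiest to see on a small image. The following is an added example, not code from the original post or from Volatility: it builds a constructed in-memory "image" using a hypothetical toy process record (a 4-byte tag followed by pid, parent pid and a 16-byte name; this is not the real Windows _EPROCESS layout) and then compares the two approaches. The string search recovers process names only, including a stale record, while the tag scan unpacks each record, applies sanity checks so a tag that merely appears inside a log string is rejected, and rebuilds the parent/child relationships. Real pool-tag scanners such as Volatility's psscan work on the same principle but with OS-specific structure offsets and far stricter validation.

```python
import re
import struct
from dataclasses import dataclass

# Toy record layout: an ASSUMPTION for this example, NOT the real Windows
# _EPROCESS layout.  "Proc" tag, u32 pid, u32 ppid, 16-byte NUL-padded name.
TAG = b"Proc"
RECORD = struct.Struct("<4sII16s")


@dataclass
class Proc:
    offset: int
    pid: int
    ppid: int
    name: str


def build_sample_image() -> bytes:
    """Constructed sample 'memory image': three live records, a decoy tag
    embedded in a log string, unaligned filler and one stale/garbage record."""
    def rec(pid: int, ppid: int, name: str) -> bytes:
        return RECORD.pack(TAG, pid, ppid, name.encode().ljust(16, b"\0"))

    img = bytearray(b"\0" * 64)
    img += rec(4, 0, "System")
    img += b"log: Proc restart pending\0"    # decoy: tag inside plain text
    img += rec(612, 4, "smss.exe")
    img += b"\xff" * 23                      # unaligned filler between records
    img += rec(1304, 612, "cmd.exe")
    img += rec(0xFFFFFFFF, 7, "stale.exe")   # implausible pid: should be rejected
    img += b"\0" * 32
    return bytes(img)


def string_search(image: bytes) -> list:
    """Rudimentary approach: pull printable ASCII runs that end in '.exe'.
    Finds names, but no pids and no parent/child relationships."""
    return [m.group().decode() for m in re.finditer(rb"[\x20-\x7e]{3,}\.exe", image)]


def scan_processes(image: bytes) -> list:
    """Structure-aware approach: locate the tag at any byte offset, unpack the
    record behind it and keep only records that pass sanity checks."""
    procs = []
    pos = image.find(TAG)
    while pos != -1:
        if pos + RECORD.size <= len(image):
            _, pid, ppid, raw = RECORD.unpack_from(image, pos)
            name = raw.split(b"\0", 1)[0]
            # Stand-ins for the pointer/flag checks a real scanner applies:
            # plausible pids and a printable, non-empty name.
            if (pid < 0x10000 and ppid < 0x10000 and name
                    and all(0x20 <= c < 0x7F for c in name)):
                procs.append(Proc(pos, pid, ppid, name.decode()))
        pos = image.find(TAG, pos + 1)
    return procs


def process_tree(procs: list) -> dict:
    """Map each recovered process name to its parent's name (None if unknown)."""
    by_pid = {p.pid: p for p in procs}
    return {p.name: (by_pid[p.ppid].name if p.ppid in by_pid else None) for p in procs}


if __name__ == "__main__":
    image = build_sample_image()
    print("string search :", string_search(image))
    found = scan_processes(image)
    for p in found:
        print(f"offset={p.offset:#06x} pid={p.pid:<5} ppid={p.ppid:<5} {p.name}")
    print("tree          :", process_tree(found))
```

Run as a script, the string search lists smss.exe, cmd.exe and the stale record's name with nothing to tie them together, while the scan reports three validated records with their offsets and shows cmd.exe as a child of smss.exe under System. The decoy "Proc" inside the log string is unpacked and discarded because its pid field decodes to an implausible value, which is exactly the kind of false positive a scanner must expect on a real image.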

In 2008, this culminated with many professionals stating at the SANS Forensic Summit that the day of "pulling the plug" during evidence

...