WEBCAST: Live Forensics & Memory Analysis

John Strand //

So you think you might have a compromised Windows system. If you do, where do you start? How would you review the memory of that system? What are the first 10 commands you’d run to see if it’s actually compromised?

This webcast is based on SANS 504, and introduces attendees to some free sample memory dumps and command output of compromised systems. BHIS has spent a fair amount of time creating samples for everyone to play with to sharpen their skills!

For the slides and other information, visit www.tinyurl.com/504-extra