WEBCAST: Windows Memory Forensics

John Strand //

In the last webcast we covered initial Windows Live Forensics (see the recording here), in this one we play with memory from a compromised system. We cover the tools to dump memory from a system and some of the basic tools to look at the memory of a system which may be compromised.

(Apparently we didn’t pray hard enough to the demo gods and there are a few snafus but… hey, we’re real people too!)

Want the slides? Check out www.tinyurl.com/504extra2