WEBCAST: Windows Memory Forensics
John Strand //
In the last webcast we covered initial Windows Live Forensics (see the recording here). In this one we play with memory from a compromised system: we cover the tools to dump memory from a system and some of the basic tools for examining the memory of a system that may be compromised.
(Apparently we didn’t pray hard enough to the demo gods and there are a few snafus but… hey, we’re real people too!)
Want the slides? Check out www.tinyurl.com/504extra2
February 13, 2017 @ 9:43 am
“this video is private” … where I put my bitcoins 😛
February 13, 2017 @ 10:16 am
It’s public now! ooops… (speaking of flubs…)
February 15, 2017 @ 12:06 pm
Google’s Rekall has been moved to https://github.com/google/rekall
Same with Volatility https://github.com/volatilityfoundation