Getting Started with Windows Memory Forensics

Focused View

Chris Behrens

52:36

98 View

00. Course Overview

00. Course Overview.mp4

01:14

01. Allocating Windows Objects and Pool

00. Collecting Volatile Data.mp4

01:18

01. Systems Overview.mp4

05:45

02. Data Structures.mp4

05:38

03. The Volatility Framework.mp4

03:35

02. Processing Memory Internals

00. Memory Acquisition.mp4

00:56

01. Preserving the Digital Environment.mp4

04:27

02. The Risk of Acquisition.mp4

01:35

03. Atomicity.mp4

01:45

04. Physical and Virtual Memory.mp4

01:25

05. Local Aquisition.mp4

01:26

06. Remote Acquisition.mp4

02:26

07. Runtime Interrogation.mp4

00:28

03. Hunting Malware in Process Memory

00. Hunting Malware in Process Memory.mp4

00:42

01. Process Environment Block.mp4

02:23

02. Data Structures.mp4

01:51

03. Finding Text on Notepads Heap.mp4

01:57

04. Environment Variables.mp4

02:06

05. Attacks on Environment Variables.mp4

01:55

06. Standard Handles.mp4

00:42

07. DLL.mp4

01:20

08. How DLLs Are Loaded.mp4

01:08

09. PE Files.mp4

03:00

10. Code Injection.mp4

00:51

04. Course Wrap Up

00. Course Wrap Up.mp4

01:01

01. Processing Memory Internals Wrap Up.mp4

00:52

02. Hunting Malware in Process Memory Wrap Up.mp4

00:50

Description

By learning how to capture computer memory and profile its contents, you'll add an invaluable resource to your incident response, malware analysis, and digital forensics capabilities.

What You'll Learn?

Companies protect themselves with digital defenses such as firewalls, encryption, and signature/heuristic scanning. Additionally, nations plan attacks by targeting power grids, infiltrating military data centers, and stealing trade secrets from both public and private sectors. In this course, Getting Started with Windows Memory Forensics, you will gain the ability to examine the different compartments of the windows operating system to discover abnormal or malicious behavior. First, you will learn how to examine process memory. Next, you will discover how to identify malicious network connections. Finally, you will explore how to detect code injection and perform memory extraction and analysis. When you are finished with this course, you will have the skills and knowledge of Windows Memory Forensics needed to examine the different compartments of the windows operating system to discover abnormal or malicious behavior.

More details

User Reviews

Rating

average 0

Total votes0

Focused display

Computer Network

Network Monitoring

Windows Server

Windows 10

Windows 11

Chris Behrens

Instructor's Courses

Pluralsight

View courses Pluralsight

Pluralsight, LLC is an American privately held online education company that offers a variety of video training courses for software developers, IT administrators, and creative professionals through its website. Founded in 2004 by Aaron Skonnard, Keith Brown, Fritz Onion, and Bill Williams, the company has its headquarters in Farmington, Utah. As of July 2018, it uses more than 1,400 subject-matter experts as authors, and offers more than 7,000 courses in its catalog. Since first moving its courses online in 2007, the company has expanded, developing a full enterprise platform, and adding skills assessment modules.