O’Reilly – Forensic Analysis of Computer Memory
English | Size: 658.65 MB
Category: Comp: Security/Encryption
Our connected world generates enormous volumes of data, and sometimes that information is the key to helping law enforcement and corporate investigators solve crimes or reveal intrusions into a network. Memory analysis matters to incident responders because much of the evidence of a live intrusion (running processes, loaded drivers, open network connections, injected code) exists only in RAM and is lost once the system is powered off. Fortunately, a number of tools exist to help with memory analysis.
In this course, entry- to intermediate-level IT professionals as well as law enforcement personnel learn to use tools like Volatility and Rekall to examine memory images acquired from Windows, Linux, and macOS systems for signs of malware and other abnormalities. You'll see the techniques needed for this kind of digital forensic work, such as enumerating running processes, loaded modules and drivers, network connections, and registry artifacts, and extracting processes and files from memory.
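As an added example (not code from the course or from the Volatility project), the following Python script performs the cross-view comparison of Volatility's pslist and psscan output that underpins the process-listing and malware-indicator work described above. pslist walks the kernel's linked list of _EPROCESS structures, which a rootkit can unlink to hide a process; psscan carves _EPROCESS objects out of the whole image by pool tag, so it also finds unlinked and already-terminated processes. The script parses both tables, flags processes that only psscan sees and that have no exit time, and checks a couple of well-known parent relationships. It assumes the whitespace-separated text column layout of Volatility 2 output; the sample tables are constructed for this example, and the expected-parent table assumes Windows Vista or later.

```python
"""Cross-view process detection over Volatility 2 pslist and psscan output.

Added example, not code from the course or from Volatility. Input format
assumption: Volatility 2 text output (offset, name, PID, PPID, ..., timestamps).
"""
import re
from typing import Dict, List, Optional, Tuple
from dataclasses import dataclass

TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} UTC[+-]\d{4}")

# Constructed sample: roughly what `vol.py -f mem.raw --profile=... pslist` prints.
PSLIST_SAMPLE = """\
Offset(V)          Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start                          Exit
------------------ -------------------- ------ ------ ------ -------- ------ ------ ------------------------------ ------------------------------
0xfffffa8000c8a040 System                    4      0     84      545 ------      0 2024-01-05 10:01:12 UTC+0000
0xfffffa8001a12b30 wininit.exe             380    324      3       77      0      0 2024-01-05 10:01:15 UTC+0000
0xfffffa8001a56060 services.exe            476    380      8      210      0      0 2024-01-05 10:01:16 UTC+0000
0xfffffa8001a5f060 lsass.exe               488    380      7      590      0      0 2024-01-05 10:01:16 UTC+0000
0xfffffa8001d3b060 explorer.exe           1412   1388     30      820      1      0 2024-01-05 10:02:01 UTC+0000
0xfffffa8001f21060 lsass.exe              2200   1412      2       40      1      0 2024-01-05 10:05:10 UTC+0000
"""

# Constructed sample: roughly what psscan prints. svch0st.exe is only found by
# the scanner (unlinked from the process list); notepad.exe has an exit time.
PSSCAN_SAMPLE = """\
Offset(P)          Name                PID   PPID PDB                Time created                   Time exited
------------------ ---------------- ------ ------ ------------------ ------------------------------ ------------------------------
0x000000003e1ab040 System                4      0 0x0000000000187000 2024-01-05 10:01:12 UTC+0000
0x000000003f512b30 wininit.exe         380    324 0x000000001f1a4000 2024-01-05 10:01:15 UTC+0000
0x000000003f556060 services.exe        476    380 0x000000001f1d8000 2024-01-05 10:01:16 UTC+0000
0x000000003f55f060 lsass.exe           488    380 0x000000001f1e2000 2024-01-05 10:01:16 UTC+0000
0x000000003f73b060 explorer.exe       1412   1388 0x000000002a8f1000 2024-01-05 10:02:01 UTC+0000
0x000000003fa21060 lsass.exe          2200   1412 0x000000002d2b0000 2024-01-05 10:05:10 UTC+0000
0x000000003f8c2060 svch0st.exe        2044    476 0x000000002b3c4000 2024-01-05 10:05:44 UTC+0000
0x000000003f9a1060 notepad.exe        2312   1412 0x000000002c1a0000 2024-01-05 10:06:02 UTC+0000 2024-01-05 10:07:30 UTC+0000
"""

# Parent each of these should have on Windows Vista and later (assumption).
EXPECTED_PARENT = {"services.exe": "wininit.exe", "lsass.exe": "wininit.exe"}


@dataclass(frozen=True)
class Process:
    name: str
    pid: int
    ppid: int
    created: str
    exited: Optional[str]


def parse_process_table(text: str) -> Dict[Tuple[int, str], Process]:
    """Parse pslist/psscan text into {(pid, created): Process}.

    Keyed on PID plus creation time because PIDs are reused after a process
    exits, so psscan may carve an old _EPROCESS with the same PID as a live one.
    """
    procs: Dict[Tuple[int, str], Process] = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or not fields[0].startswith("0x"):
            continue  # header, separator or blank line
        stamps = TIMESTAMP.findall(line)
        if not stamps:
            continue
        exited = stamps[1] if len(stamps) > 1 else None
        proc = Process(fields[1], int(fields[2]), int(fields[3]), stamps[0], exited)
        procs[(proc.pid, proc.created)] = proc
    return procs


def cross_view(pslist: Dict[Tuple[int, str], Process],
               psscan: Dict[Tuple[int, str], Process]) -> List[Tuple[str, str, int]]:
    """Return (category, name, pid) findings from comparing the two views."""
    findings = []
    for key, proc in psscan.items():
        if key in pslist:
            continue
        # Carved but not in the linked list: terminated processes are expected
        # here, a process with no exit time is a DKOM-style hiding indicator.
        findings.append(("terminated" if proc.exited else "hidden", proc.name, proc.pid))
    for key, proc in pslist.items():
        if key not in psscan:
            findings.append(("unscanned", proc.name, proc.pid))  # check scan coverage
    by_pid = {p.pid: p for p in pslist.values()}
    for proc in pslist.values():
        want = EXPECTED_PARENT.get(proc.name.lower())
        parent = by_pid.get(proc.ppid)
        if want and (parent is None or parent.name.lower() != want):
            findings.append(("bad-parent", proc.name, proc.pid))
    return sorted(findings)


if __name__ == "__main__":
    for category, name, pid in cross_view(parse_process_table(PSLIST_SAMPLE),
                                          parse_process_table(PSSCAN_SAMPLE)):
        print(f"{category:<11} {name:<16} pid={pid}")
```

On real images, feed the script the saved text output of the two plugins instead of the embedded samples; psscan routinely returns terminated processes, so the interesting rows are the "hidden" and "bad-parent" ones, which then warrant dlllist, malfind and procdump on that PID.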
Table of Contents
Introduction
Welcome To The Course 00:02:16
About The Author 00:02:17
Memory Analysis With Volatility
What Is Volatility? 00:02:42
Getting Image Information 00:03:01
Getting User Session Information 00:03:30
Getting System Information 00:02:39
Process Listings 00:03:22
Shared Library Listing 00:03:35
Process Memory Analysis 00:03:23
Virtual Address Descriptors 00:03:22
Kernel Modules 00:04:30
Looking For Drivers 00:02:30
Network Connections 00:02:32
Windows Registry Information 00:03:58
Getting Hashes 00:02:50
Shell Bag Analysis 00:02:44
Getting Malware Indicators 00:04:14
Extracting Processes 00:02:35
Locating Files In Memory 00:03:18
Memory Analysis With Rekall
What Is Rekall? 00:01:26
Installing Rekall In A Virtual Environment 00:04:05
Working With Profiles 00:03:12
Interacting With Rekall 00:02:03
Using Regular Expressions With Rekall 00:03:04
Disassembling Processes From Memory 00:03:01
Using Rekall Sessions 00:02:43
Automating The Use Of Rekall In Python 00:04:12
Conclusion
What We Covered 00:02:30
DOWNLOAD:
http://nitroflare.com/view/B94DDAF5851D5FD/O%27Reilly_-_Forensic_Analysis_of_Computer_Memory.rar
If any links die or there is a problem unpacking the RAR, send a request to http://goo.gl/aUHSZc