Advanced
Memory forensic training
With calls for incident response and fast forensics rising, memory forensics, which targets volatile information on running PCs such as communication status and process status, is important because it can lead to a faster grasp of an incident, and the need for it is drawing attention.
The aim of this training course is to acquire the knowledge and skills necessary for memory analysis, along with basic analysis methods.
Training start schedule
We accept individual consultations at any time
Curriculum
On the 1st day:
- Memory forensics overview
- The need for memory forensics
- Problems with memory forensics
- How memory works
- Kernel
- User mode and kernel mode
- Multitasking and processes
- Processes and threads
- Memory and CPU role
- Memory management concept
- Physical address and virtual address
- Data management in virtual space
- Before memory forensic analysis
- Knowledge required for memory analysis
- Checking Dynamic State with Windows Implementation Tools and Sysinternals
- Exercise
On the 2nd day:
- Get memory data
- Memory data remaining on the hard disk
- Memory dump
- Memory dump method
- Memory dump by software
- Getting Volatile Information Using Command Prompt
- Exercise
- Basics of memory analysis
- Memory dump file analysis tool
- Knowledge required for memory data analysis
- Exercise
- Analysis training using sample data
* Each schedule will be from 9:30 to 17:00.
* The curriculum is subject to change. Please check when making inquiries.
Detailed information
Course target | |
---|---|
Knowledge and skills that can be acquired | |
Tuition fee | Please contact us. |
FRONTEO's Legal Tech AI
Please feel free to consult us.