Author, Blue Team, Blue Team Tools, John Strand, Webcasts Memory Forensics, webcasts, Windows, Windows Memory Forensics

WEBCAST: Windows Memory Forensics

In the last webcast we covered initial Windows Live Forensics (see the recording here), in this one we play with memory from a compromised system. We cover the tools to dump memory from a system and some of the basic tools to look at the memory of a system which may be compromised.

(Apparently we didn’t pray hard enough to the demo gods and there are a few snafus but… hey, we’re real people too!)

Want the slides? Check out www.tinyurl.com/504extra2

Want to level up your skills and learn more straight from John himself?
You can check out his classes below!

SOC Core Skills

Active Defense & Cyber Deception

Getting Started in Security with BHIS and MITRE ATT&CK

Introduction to Pentesting

Available live/virtual and on-demand

3 Comments

itcentinela
February 13, 2017 @ 9:43 am

“this video is private” … where i put my bitcoins 😛
- BHIS
  February 13, 2017 @ 10:16 am
  
  It’s public now! ooops… (speaking of flubs…)
Tschotty
February 15, 2017 @ 12:06 pm

Google’s Rekall has been moved to https://github.com/google/rekall
Same with Volatility https://github.com/volatilityfoundation