Kwelwild Posted May 31, 2013

Description: A recording of the January DFIROnline meetup with Michael Cohen of Google. Michael is one of the authors of Volatility and has presented a great lab on its use at quite a few conferences. If you are not familiar with Volatility or memory forensics this is not one to miss. The Volatility team are also offering training in Windows Memory Forensics; for details see their blog.

Memory forensics and analysis have become very powerful tools for the incident responder. In this workshop we will cover some of the basic ideas behind memory analysis in a practical way, focusing on the Volatility Memory Forensics framework and in particular on the upcoming technology preview branch. The following broad topics will be covered:

1) Memory Acquisition
Volatility contains a full imaging solution for Windows, Linux and OSX systems. In addition to obtaining a fixed memory image, there is support for the analysis of live systems. We describe how to image and analyze live Windows systems, and in particular we demonstrate how the running system appears to the forensic examiner, with examples of normal and suspicious-looking processes.

2) Anti-Forensics
We then examine the fundamentals of memory analysis. In particular we look at anti-forensic techniques and how they target Volatility (and other) memory analysis tools.

3) The Volatility Framework
We look at some of the plugins for Windows memory analysis and how the different techniques can be used to cross-check analysis results and potentially uncover hidden malware.

DFIROnline is a monthly online meeting of digital forensic and incident response professionals. The purpose of these meetups is to enable information sharing among the DFIR community. These sessions are open to anyone, and occur on the third Thursday of every month at 2000 US Eastern time.

If you would like to get involved and present something, please email meetup at writeblocked.org.

Disclaimer: We are an infosec video aggregator and this video is linked from an external website. The original author may be different from the user re-posting/linking it here. Please do not assume the authors to be the same without verifying.

Original Source: Memory Forensics With Michael Cohen