EC Council – Malware and Memory Forensics (M&MF) – Workshop



Workshop Outline

In this Malware & Memory Forensics workshop, you will learn how malware functions and how it is categorized. You will then be shown the structure of memory and how memory works. The workshop includes plenty of hands-on memory forensics, and you will learn how to analyze memory to find evidence of malware.

  • 1: Types of Analysis:
    • Swap space analysis, Memory analysis, Data acquisition as per RFC 3227
  • 2: In-memory data
    • Current processes, Memory mapped files, Caches, Open Ports
  • 3: Memory Architectural Issues
    • Data Structures
    • Windows Objects
    • Processes
    • Handles
    • Pool-tag scanning
    • %SystemDrive%/hiberfil.sys
    • Page / Swap File
  • 4: Tools Used
    • Using Volatility
    • Dumpit.exe
    • hibr2bin
    • Win32dd
    • Win64dd
    • OSForensics
  • 5: Registry in Memory

Course Includes

  • Instructor-led training modules (1-year access)

Course Objectives

The purpose of the workshop is to teach students essential memory forensics. It assumes a basic understanding of PCs, networks, and basic forensics.

Who is it for?

This training is useful for any forensic investigator but is particularly interesting to those trying to trace data leaks, financial crimes, and cyber-related crimes. This workshop includes hands-on labs.


