TWC | Recalling Windows Memories: Useful Guide to Retrieving and Analyzing Memory Content

Description

Acquiring and analyzing physical memory, as forensics professionals do, is a crucial skill for understanding how an operating system works, or how it worked during an incident. For hobbyists, working with memory can be useful for troubleshooting and for understanding how certain solutions work. Just as it is crucial to understand operating system internals and security aspects, it is equally critical to understand what is in the operating system's memory. This valuable content contains evidence of user actions, hackers' tasks, malicious code behaviors, and the story of what happened on a system. During this session Paula explains and shows the techniques for memory acquisition, techniques for grabbing the juicy data, and why it is so amazing to find someone's memory dump! This session is intense but practical at the same time, packed with a lot of live demos and stories! You won't want to miss a thing!

Tag: Security

Day: 2

Session Type: Breakout

Code: CDP-B369

Room: Hall 8.0 Room F5
