TechEd North America 2014

TWC: Recalling Windows Memories: Useful Guide to Retrieving and Analyzing Memory Content


Description

Acquiring and analyzing physical memory, as forensics professionals do, is a skill crucial to understanding how an operating system works, or how it was working at the time of an incident. For hobbyists, working with memory can be useful for troubleshooting and for understanding how certain solutions work. Just as it is crucial to understand operating system internals and security aspects, it is equally critical to understand what is in the operating system's memory. That content contains evidence of user actions, an attacker's tasks, malicious code behavior, and the story of what happened on a system. During this session Paula explains and demonstrates techniques for memory acquisition, techniques for extracting the valuable data, and why finding someone's memory dump is so revealing. This session is intense but practical at the same time; as always, it is packed with live demos and stories.

Day: 3

Session Type: Breakout

Code: DCIM-B350

Room: Hilton L2 Ballrm A


The Discussion

• manncl

  This is my second top session of TechEd 2014. Great information shared and some great tools mentioned that I will be adding to my toolkit.
