TWC: Recalling Windows Memories: Useful Guide to Retrieving and Analyzing Memory Content

Sign in to queue

Description

Acquiring and analyzing physical memory as done by forensics professionals is a skill crucial to understanding how an operating system works or worked during the incident. For hobbyists, working with memory can be useful to perform troubleshooting and understand how certain solutions work. Just as it is crucial to understand operating system internals and security aspects, it is equally critical to understand what's in the operating system's memory. The valuable content contains evidence of user actions, hacker's tasks, malicious code behaviors, and the story of what happened on a system. During this session Paula explains and shows the techniques for memory acquisition, techniques for grabbing the juicy data, and why it is so amazing to find someone's memory dump! This session is really intense but practical at the same time, as always it is packed with a lot of live demos and stories!

Day:

3

Session Type:

Breakout

Code:

DCIM-B350

Room:

Hilton L2 Ballrm A

Embed

Download

Download this episode

The Discussion

  • User profile image
    manncl

    This is my second top session of TechEd 2014. Great information shared and some great tools mentioned that I will be adding to my toolkit.  

Add Your 2 Cents