TWC: Recalling Windows Memories: Useful Guide to Retrieving and Analyzing Memory Content

Download this episode

Download Video


Acquiring and analyzing physical memory as done by forensics professionals is a skill crucial to understanding how an operating system works or worked during the incident. For hobbyists, working with memory can be useful to perform troubleshooting and understand how certain solutions work. Just as it is crucial to understand operating system internals and security aspects, it is equally critical to understand what's in the operating system's memory. The valuable content contains evidence of user actions, hacker's tasks, malicious code behaviors, and the story of what happened on a system. During this session Paula explains and shows the techniques for memory acquisition, techniques for grabbing the juicy data, and why it is so amazing to find someone's memory dump! This session is really intense but practical at the same time, as always it is packed with a lot of live demos and stories!



Session Type:





Hilton L2 Ballrm A



Available formats for this video:

Actual format may change based on video formats available and browser capability.

    The Discussion

    • User profile image

      This is my second top session of TechEd 2014. Great information shared and some great tools mentioned that I will be adding to my toolkit.  

    Comments closed

    Comments have been closed since this content was published more than 30 days ago, but if you'd like to send us feedback you can Contact Us.