Thursday — January 31st, 2013 09:30
The class introduces some of the new analysis features of Volatility versions 2.2 and 2.3. Students will analyze memory images and detect various malware hiding techniques, reconstruct command lines and screen contents, and inspect file system artifacts in memory.
Students should have completed one of the Volatility classes presented at TCs and Conferences in past years, or have similar knowledge. An Ubuntu-based training environment with Volatility 2.3 (alpha) and real-world RAM images will be provided. Participants are expected to provide their own laptop, with at least 1 GB of RAM free for applications, 10 GB of free disk space, and the latest version of VMware (either Workstation, Player, or Fusion) installed. The virtual machine image will be available for download from http://r.forens.is/lisboa starting January 28, 2013.
Level: advanced / technical deep-dive. Basic knowledge of memory analysis on Windows and of Volatility is required.
Andreas Schuster (Deutsche Telekom AG, DE) 