Windows volatile memory forensics for incident response, presented at AusCERT 2010

by Michael Cohen, Bradley Schatz

Summary: This full-day tutorial will teach forensic acquisition and analysis techniques with a focus on investigating and identifying potential malware or intrusions involving the Windows OS. The course is aimed at a technical audience, such as incident responders and forensic examiners, who are interested in learning the latest in volatile memory acquisition and analysis. Participants should be familiar with the Microsoft Windows platform, and have some familiarity with operating system principles.