SANS New Orleans Training to Address the Urgent Need for Incident Response Teams to Strengthen their In-House Memory Forensic Capabilities

Will Offer Insight into How to Successfully Hunt Modern Malware in Memory

  • Bethesda, MD
  • November 7, 2016

SANS Institute, the global leader in information security training, today announced it will address the urgent need for incident response (IR) teams to focus investigative efforts on system memory at the SANS Security East 2017 training event in New Orleans, January 9 - 14. The FOR526: Memory Forensics In-Depth course will arm IR and digital forensic (DF) professionals with the advanced investigative methods to find evidence in volatile memory even in the newest OS versions such as Windows 10.

According to the co-author and instructor of FOR526, Alissa Torres, "Windows 10 adoption is steadily increasing. As the prevalence of Windows 10 continues to grow, investigators will soon be diving into unknown territory, encountering new applications and forensic artifacts. To effectively and efficiently spot malicious code, responders must know what normal now looks (and acts) like. It is time to focus on 're-education' and development of the skills needed to perform Windows 10 live system memory triage, acquisition and analysis." Join Alissa Torres in New Orleans where she will discuss the new challenges in the world of forensics and how to spot modern malware.

The FOR526: Memory Forensics In-Depth course provides the critical skills necessary for DF examiners and incident responders to successfully perform live system memory triage and analyze captured memory images. The course uses the most effective freeware and open-source tools in the industry today and provides an in-depth understanding of how these tools work. FOR526 is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases.

To aid in rapid proficiency, students in the FOR526 course will participate in newly-added intensive hands-on memory forensic challenges. These challenges incorporate the SANS NetWars scoring server and are designed to help students test and hone their memory analysis skills.

For a complete list of courses offered at SANS Security East 2017, bonus evening discussions or to register, please visit:

About SANS Institute

The SANS Institute was established in 1989 as a cooperative research and education organization. Today, SANS is the most trusted and, by far, the largest provider of cyber security training and certification to professionals in government and commercial institutions worldwide. Renowned SANS instructors teach more than 60 courses at In-Person and Live Online cyber security training events, and more than 50 courses are available anytime, anywhere with our OnDemand platform. GIAC, an affiliate of the SANS Institute, validates practitioner skills through more than 35 hands-on, technical certifications in cyber security. The SANS Technology Institute, a regionally accredited independent subsidiary, offers a master’s degree, graduate certificates, and an undergraduate certificate in cyber security. SANS Security Awareness, a division of SANS, provides organizations with a complete and comprehensive security awareness solution, enabling them to easily and effectively manage their ‘human’ cybersecurity risk. SANS also delivers a wide variety of free resources to the InfoSec community including consensus projects, research reports, webcasts, podcasts, and newsletters; it also operates the Internet's early warning system – the Internet Storm Center. At the heart of SANS are the many security practitioners, representing varied global organizations from corporations to universities, working together to support and educate the global information security community. (