Prove Skill Mastery with GIAC Certs - Free Cert Attempt Included with OnDemand Training


To attend this webcast, login to your SANS Account or create your Account.

Memory Forensics Made Easy

  • Tuesday, June 29, 2021 at 10:30 AM EDT (2021-06-29 14:30:00 UTC)
  • Shaul Holtzman, Matt Bromiley


  • Intezer

You can now attend the webcast using your mobile device!



Memory forensics is a key component of any incident investigation involving endpoints. It can help determine whether an infection did in fact occur, and if so, what type of threat is involved. However, most SOC/IR teams do not fully utilize memory forensics techniques as part of their investigations usually from lack of time or technical know-how.

In this talk, we will show you how Intezers endpoint scanner and Volatility plugin analyze live endpoints and entire memory dumps, providing deep insights and quick verdicts by identifying malicious code reuse within memory modules. These memory forensics tools can be incorporated as part of any incident and done at scale for many endpoints within a company.

Speaker Bios

Shaul Holtzman

Shaul is a Sr. Sales Engineer at Intezer. He has nearly 10 years of experience in cybersecurity technologies and methodologies. Shaul was responsible for developing cybersecurity training in the Israeli Defense Force (IDF) and later served as a cybersecurity analyst at Verint.

Matt Bromiley

Matt Bromiley is a SANS digital forensics and incident response (IR) instructor, teaching FOR508 Advanced Incident Response, Threat Hunting, and Digital Forensics and SANS FOR572 Advanced Network Forensics: Threat Hunting, Analysis, and Incident Response. He is also an IR consultant at a global IR and forensic analysis company, combining experience in digital forensics, log analytics, and incident response and management. His skills include disk, database, memory and network forensics; incident management; threat intelligence and network security monitoring. Matt has worked with organizations of all shapes and sizes, from multinational conglomerates to small, regional shops. He is passionate about learning, teaching and working on open source tools.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.