Rewind, Revisit, Reinforce, Retain with OnDemand - Special Offer Available Now


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

Build "Muscle Memory" with Rekall Memory Forensic Framework

  • Monday, December 22, 2014 at 1:00 PM EST (2014-12-22 18:00:00 UTC)
  • Alissa Torres

You can now attend the webcast using your mobile device!



Join us for a "How to" on effectively wielding the Rekall Memory Forensic Framework to slice through live or captured system memory. Alissa, co-author of the FOR526 "Memory Forensics In-Depth" course, will give you a gift that keeps on giving throughout the year, practical skills for using this bleeding-edge analysis tool. You have heard about how simple Rekall is to use! And there are new capabilities that the Rekall development team has recently added. Grab the page file while acquiring physical memory using Rekall's winpmem and parse the memory of virtualized machines from a host memory image. Sharpen your skills over the holidays by attending this webcast and downloading the memory image for "muscle memory" building.

Speaker Bio

Alissa Torres

Alissa Torres is founder and senior consultant for Sibertor Forensics. She is an experienced digital forensic investigator specializing in advanced computer forensics and incident response, recently serving as an advisor for an international CERT and architect of internal IR capabilities for a Fortune 100 company. Her past industry roles include senior incident handler on the Mandiant Computer Incident Response Team (MCIRT) and digital forensic examiner on an internal employee investigations team.

Alissa has taught as a Certified SANS instructor for over four years, and is lead author of the FOR526 Memory Forensics In-Depth course at the SANS Institute. She has worked in government, academic, and corporate environments and with a wide array of enterprise and investigative technical solutions. A passionate researcher and presenter, she has spoken at various industry conferences such as RSA, Shmoocon, NCCC, HTCIA, Enfuse and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GSEC, GCIH, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.