Special Offer w/ OnDemand: Get an iPad (32 G), Galaxy Tab A, or Take $250 Off OnDemand Training thru Jan 27


To attend this webcast, login to your SANS Account or create your Account.

SANS CyberCast SANS@MIC - Memory Analysis Skillbuilder Series: Skeleton Key Deep Dive with WinDbg

  • Wednesday, April 08, 2020 at 3:30 PM EDT (2020-04-08 19:30:00 UTC)
  • Alissa Torres

You can now attend the webcast using your mobile device!



In our last Memory Forensics Skillbuilder webcast (https://t.co/xZjSMoi9Sc), we used WinDbg to examine a user-mode process dump and recover contents of heap memory. A fantastic use case for data recovery and activity reconstruction. But picture this scenario: your SOC alerts you that suspicious files were found on one of your domain controllers, to include lsass.dmp. Knowing attackers love user-mode process dumps too, we suspect this may be evidence of credential harvesting. In this second episode of MFS, we use WinDbg to identify in-memory patching and enumerate compromised credentials, all from this rogue lsass.dmp.

Speaker Bio

Alissa Torres

Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.