SANS Online Training Special: Get an iPad Mini, Chromebook Flip, or $250 Off until 10/30! 


To attend this webcast, login to your SANS Account or create your Account.

Deep from Windows 10 Memory: Findings from Compressed Data

  • Friday, July 12th, 2019 at 10:30 AM EDT (14:30:00 UTC)
  • Alissa Torres

You can now attend the webcast using your mobile device!


Most incident responders strive to properly scope an incident based on malware signatures, compromised credentials and behavior indicators of attacker activity by scanning through system memory, registry and file system artifacts. Windows 10 introduced an investigative game changer, an obstacle to traditional IOC/Yara scanning methods, as large portions of physical memory as well as data residing in the page file are in a compressed state. In this webcast, Alissa will step through the various decompression tools available at this time and how inclusion of this data has changed the game in real-world incidents.

Speaker Bio

Alissa Torres

Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.