

Dumping in the Dark: Gaining Insight into your Memory Acquisition Tools and Techniques

  • Thursday, October 24th, 2013 at 1:00 PM EDT (17:00:00 UTC)
  • Alissa Torres
This webcast has been archived.


Overview

Digital forensic and incident response professionals unanimously agree on the vital importance of physical memory acquisition and analysis in investigations, whether they center on the reconstruction of user activity or the isolation of malicious code. Most computer incident response teams have preferred acquisition tools that are part of their standard operating procedures and are invoked during live response or evidence acquisition. We all use these tools, but how many of us can describe how they work? This webcast will take a deeper look at the differences found in memory image files that are tied directly to the specific tools and techniques used in the acquisition process. Does every tool acquire physical memory using the same technique, and which technique provides a more accurate view of current system state? Are there evidential consequences in acquiring memory remotely versus locally? Alissa will present tips for optimal acquisition and a checklist useful in determining which acquisition techniques to use when.

Speaker Bio

Alissa Torres

Alissa Torres is a SANS Analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.
