Memory Forensics Acquisition in the Cloud

As more and more organizations begin moving their resources to the cloud, analysts and responders must be prepared to operate in this new landscape. One aspect of traditional forensics that we must learn to implement in the cloud is memory forensics.

In this webcast, Mat Fuchs (author and instructor for FOR532: Enterprise Memory Forensics In-Depth) and Megan Roddie (co-author and instructor for FOR509: Enterprise Cloud Forensics and Incident Response) look at how to approach memory forensics when responding to incidents in cloud environments.

  • First, we’ll explain what cloud services fall in scope when discussing memory forensics.
  • Next we’ll discuss the tools, services, and processes that can be leveraged for acquisition, both cloud-native and third-party options.
  • Finally, we’ll wrap up with some examples of performing targeted memory analysis in the cloud.
  • At the end of this webinar, attendees should walk away with ideas for how memory analysis can be implemented in their organization’s processes and procedures.


Mat Fuchs

Mathias Fuchs, is the author of  the FOR532: Enterprise Memory Forensics In-Depth course and he is also the Head of Investigation & Intelligence at the Swiss firm InfoGuard AG as well as a volunteer paramedic and a pilot. Mathias began his career teaching Linux administration and general IT security and quickly moved into penetration testing and red teaming. As his skills improved (and as breaking into customer systems got more repetitive and less demanding), Mathias sought new challenges that would expand his IT security acumen. So, he moved over to digital forensics and incident response, a field where the attacker unintentionally sets the pace and partly controls what an investigator needs to do - rather than that being dictated by the customer or the investigator.

Megan Roddie

Megan Roddie is currently working as a Senior Security Engineer at IBM. Along with her work at IBM, she works with the SANS Institute as a co-author of FOR509, presents regularly at security conferences, and serves as CFO of Mental Health Hackers. Megan has two Master's degrees, one in Digital Forensics and the other in Information Security Engineering, along with many industry certifications in a wide range of specialties. Her goal as a SANS author, especially as it relates to lab development, is to give students realistic, practical hands-on experiences that will allow them to more effectively approach real-life incidents. Megan not only fights cybercrime, but is also a highly active competitor in Muay Thai/Kickboxing.