Get unparalleled cyber security training from real-world practitioners in Miami. Save $300 today!


To attend this webcast, login to your SANS Account or create your Account.

Know Normal, Find Evil: Windows 10 Memory Forensics Overview

  • Friday, May 13th, 2016 at 1:00 PM EDT (17:00:00 UTC)
  • Alissa Torres
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!


It's time to re-up your skills at hunting evil in memory by learning the new normal, Windows 10. Advance your memory forensics skills for what is expected to be the most rapidly adopted enterprise Windows version of all time. Find out what is new in Windows 10 OS artifacts, browsing history and memory management and how the memory forensic frameworks are keeping up. With a current adoption rate of 10% and growing, it is only a matter of time before this OS version will make up the majority of your digital forensics and incident response casework. This presentation will provide insight into the significant changes introduced with Windows 10 and how they will affect your investigative process.

Every version of Windows we've gotten since Windows 98 keeps adding additional tracking information allowing developers to make a better user experience. It's our job as forensic examiners and analysts to keep up with those changes to be able to find evidence that can help us solve cases. This webcast explains the importance of Windows 10 Memory Forensics in today's criminal investigations.

This topic is just one of the many important subjects covered in our SANS FOR526, Memory Forensics In- Depth course. If you are looking for opportunities to take this course, please join Alissa at SANS Security East 2017!

Speaker Bio

Alissa Torres

Alissa Torres is a certified SANS instructor specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic and corporate environments, and she holds a bachelor's degree from University of Virginia and a master's from University of Maryland in information technology. Alissa has served as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.