OnDemand Includes 4 Months Access to Course Content - Special Offers Available Now!


To attend this webcast, login to your SANS Account or create your Account.

Know Normal, Find Evil: Windows 10 Memory Forensics Overview

  • Friday, May 13, 2016 at 1:00 PM EDT (2016-05-13 17:00:00 UTC)
  • Alissa Torres

You can now attend the webcast using your mobile device!



It's time to re-up your skills at hunting evil in memory by learning the new normal, Windows 10. Advance your memory forensics skills for what is expected to be the most rapidly adopted enterprise Windows version of all time. Find out what is new in Windows 10 OS artifacts, browsing history and memory management and how the memory forensic frameworks are keeping up. With a current adoption rate of 10% and growing, it is only a matter of time before this OS version will make up the majority of your digital forensics and incident response casework. This presentation will provide insight into the significant changes introduced with Windows 10 and how they will affect your investigative process.

Every version of Windows we've gotten since Windows 98 keeps adding additional tracking information allowing developers to make a better user experience. It's our job as forensic examiners and analysts to keep up with those changes to be able to find evidence that can help us solve cases. This webcast explains the importance of Windows 10 Memory Forensics in today's criminal investigations.

This topic is just one of the many important subjects covered in our SANS FOR526, Memory Forensics In- Depth course. If you are looking for opportunities to take this course, please join Alissa at SANS Security East 2017!

Speaker Bio

Alissa Torres

Alissa Torres is founder and senior consultant for Sibertor Forensics. She is an experienced digital forensic investigator specializing in advanced computer forensics and incident response, recently serving as an advisor for an international CERT and architect of internal IR capabilities for a Fortune 100 company. Her past industry roles include senior incident handler on the Mandiant Computer Incident Response Team (MCIRT) and digital forensic examiner on an internal employee investigations team.

Alissa has taught as a Certified SANS instructor for over four years, and is lead author of the FOR526 Memory Forensics In-Depth course at the SANS Institute. She has worked in government, academic, and corporate environments and with a wide array of enterprise and investigative technical solutions. A passionate researcher and presenter, she has spoken at various industry conferences such as RSA, Shmoocon, NCCC, HTCIA, Enfuse and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GSEC, GCIH, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.