
This webcast has been archived. The slides for this webcast are not available for download.

Turn on the Lights! Case Studies of Malware in Memory

  • Tuesday, September 15, 2015 at 3:30 PM EDT (2015-09-15 19:30:00 UTC)
  • Tyler Halfpop
  • Fidelis Cybersecurity


The purpose of this session is to demonstrate, through a case-study approach, the wealth of information that can be obtained from memory to better detect and understand malware in order to improve incident response and digital forensics capabilities. The problem faced by many defenders searching via traditional methods is that malware often attempts to hide its existence and capabilities from these techniques. A solution to this problem is to analyze the memory of systems in order to bypass most of a malware's camouflage and armor. Evidence will be presented from malware case studies showing some of the amazing capabilities of Volatility, a free, open-source memory forensics framework. It is my hope that participants will gain the skills to immediately start or improve their use of this outstanding capability of memory forensics.

Speaker Bio

Tyler Halfpop

Tyler is a threat researcher for Fidelis Cybersecurity. Tyler's main research interests are in reverse engineering and malware analysis. He is currently working on his doctorate in computer science. He is a SANS Lethal Forensicator and has several industry certifications including the CISSP and GREM. He likes to stay involved in the security community through several organizations and has spoken at various conferences and meetings.
