Learn real-world cyber security skills from active industry experts in Anaheim. Save $150 thru 12/18.

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

Turn on the Lights! Case Studies of Malware in Memory

  • Tuesday, September 15th, 2015 at 3:30 PM EDT (19:30:00 UTC)
  • Tyler Halfpop
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

Sponsor

  • Fidelis Cybersecurity

You can now attend the webcast using your mobile device!

Overview

The purpose of this session is to demonstrate via a case studies approach the wealth of information that can be obtained from memory to better detect and understand malware in order to improve incident response and digital forensics capabilities. The problem faced by many defenders searching via traditional methods is that malware often attempts to hide its existence and capabilities from these techniques. A solution to this problem is to analyze the memory of systems in order to bypass most of a malware's camouflage and armor. Evidence will be presented from malware case studies showing some of the amazing capabilities of Volatility, a free open source memory forensics framework. It is my hope that participants will gain the skills to immediately start or improve their use of this outstanding capability of memory forensics.

Speaker Bio

Tyler Halfpop

Tyler is a threat researcher for Fidelis Cybersecurity. Tyler's main research interests are in reverse engineering and malware analysis. He is currently working on his doctorate in computer science. He is a SANS Lethal Forensicator and has several industry certifications including the CISSP and GREM. He likes to stay involved in the security community through several organizations and has spoken at various conferences and meetings.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.