Join us for in-depth talks, exclusive networking, and world-class training at Security Awareness Summit Dec 1-4!


To attend this webcast, login to your SANS Account or create your Account.

This webcast has been archived. To view the webcast login into your SANS Portal Account or create an account by clicking the "Get Registered" button on the right. Once you register, you can download the presentation slides below.

What’s new with FOR526 Advanced Memory Forensics and Threat Detection

  • Monday, January 14, 2019 at 1:00 PM EST (2019-01-14 18:00:00 UTC)
  • Alissa Torres

You can now attend the webcast using your mobile device!



Reconstructing data from system RAM is an advanced skill sought after by both blue and red team actors. For the past 5 years, we have noted an increasing number of pentesters, red teamers and exploit developers coming through our 6-day class seeking to understand, not only how their malware and actions on objective show up in memory but also how to scrap data from live system RAM to augments their attacker objectives. Due to our students needs for more practical application, we have extended the FOR526 to a boot camp, adding Netwars analysis challenges to each days content. Not only does the scoring server interaction add to the fun (and competition) of memory analysis and artifact hunting, each bootcamp session builds on concepts covered during the day. Challenges include reconstructing a windows 10 hibernation file with a broken process list and analyzing a Java backdoored Windows 10 with a unique persistence mechanism and a kernel-rooted Linux memory dump that hides unique file names. Join us 14 January to find out more about the new content and how it can help propel your technical expertise in malicious code detection and adversary activity analysis.


Speaker Bio

Alissa Torres

Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Need Help? Visit our FAQ page or email

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.