One Week Left to get an iPad Mini, Surface Go, or $300 Off with OnDemand and vLive Training!

Webcasts

To attend this webcast, login to your SANS Account or create your Account.

What’s new with FOR526 Advanced Memory Forensics and Threat Detection

  • Monday, January 14th, 2019 at 1:00 PM EST (18:00:00 UTC)
  • Alissa Torres
This webcast has been archived. You can view the webcast presentation and download the slides by logging into your SANS Portal Account or creating an Account. Click the Register Now button after you have logged in to view the Webcast.

You can now attend the webcast using your mobile device!

Overview

Reconstructing data from system RAM is an advanced skill sought after by both blue and red team actors. For the past 5 years, we have noted an increasing number of pentesters, red teamers and exploit developers coming through our 6-day class seeking to understand, not only how their malware and actions on objective show up in memory but also how to scrap data from live system RAM to augments their attacker objectives. Due to our students needs for more practical application, we have extended the FOR526 to a boot camp, adding Netwars analysis challenges to each days content. Not only does the scoring server interaction add to the fun (and competition) of memory analysis and artifact hunting, each bootcamp session builds on concepts covered during the day. Challenges include reconstructing a windows 10 hibernation file with a broken process list and analyzing a Java backdoored Windows 10 with a unique persistence mechanism and a kernel-rooted Linux memory dump that hides unique file names. Join us 14 January to find out more about the new content and how it can help propel your technical expertise in malicious code detection and adversary activity analysis.

 

Speaker Bio

Alissa Torres

Alissa Torres is a SANS analyst and certified SANS instructor specializing in advanced computer forensics and incident response (IR). She has extensive experience in information security in the government, academic and corporate environments. Alissa has served as an incident handler and as a digital forensic investigator on an internal security team. She has taught at the Defense Cyber Investigations Training Academy (DCITA), delivering IR and network basics to security professionals entering the forensics community. A GIAC Certified Forensic Analyst (GCFA), Alissa holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+ certifications.

Need Help? Visit our FAQ page or email webcast-support@sans.org.

Not able to attend a SANS webcast? All Webcasts are archived so you may view and listen at a time convenient to your schedule. View our webcast archive and access webcast recordings/PDF slides.