Session:A trip down the memory l̶a̶n̶e̶ dump

From 36C3 Wiki
Description This workshop covers the fundamentals of memory internals and then dives into hands-on analysis with Volatility. Newbie or seasoned, professional or hobbyist, this session is for you!
Website(s)
Type Workshop
Kids session No
Keyword(s) hacking, security
Tags Forensics
Person organizing November
Language en - English


Subtitle An introduction to memory forensics
Starts at 2019/12/30 12:00
Ends at 2019/12/30 13:15
Duration 75 minutes
Location Room:Lecture room M2

UPDATE: Slides (and contact mail) for the workshop have been uploaded to: https://github.com/nov3mb3r/36c3-Workshop
Both theoretical and technical aspects of memory forensics will be covered: a theoretical introduction to the basics of how memory works in Windows systems, followed by a hands-on dive into memory analysis.
The following topics will be discussed:

  • How memory works in Windows systems
  • Memory acquisition
  • Introduction to Volatility and its plugins
  • Hands-on analysis of a machine hit by ransomware

The last 15 minutes will feature a general discussion and will ideally lay the foundation for a C3 assembly dedicated to Digital Forensics.

This is a BYOD session, so please have the latest version of Volatility installed on your machine!
https://github.com/volatilityfoundation/volatility/wiki/Installation
The workshop will be all about how to use it, not install it! :)