Session:A trip down the memory l̶a̶n̶e̶ dump
From 36C3 Wiki
Description | This workshop covers the fundamentals of memory internals and then dives into hands-on analysis with Volatility. Newbie or seasoned, professional or hobbyist, this session is for you! |
---|---|
Website(s) | |
Type | Workshop |
Kids session | No |
Keyword(s) | hacking, security |
Tags | Forensics |
Person organizing | November |
Language | en - English |
Subtitle | An introduction to memory forensics |
---|---|
Starts at | 2019/12/30 12:00 |
Ends at | 2019/12/30 13:15 |
Duration | 75 minutes |
Location | Room:Lecture room M2 |
UPDATE: Slides (and contact mail) for the workshop have been uploaded to: https://github.com/nov3mb3r/36c3-Workshop
Both theoretical and technical aspects of memory forensics will be covered: a theoretical introduction to the basics of how memory works in Windows systems, followed by a hands-on dive into memory analysis.
The following topics will be discussed:
- How memory works in Windows systems
- Memory acquisition
- Introduction to Volatility and its plugins
- Hands-on analysis of a machine hit by ransomware
The last 15 minutes will feature a general discussion and, ideally, lay the foundation for a C3 assembly dedicated to Digital Forensics.
This is a BYOD workshop, so please have the latest version of Volatility installed on your machine!
https://github.com/volatilityfoundation/volatility/wiki/Installation
The workshop will be all about how to use it, not how to install it! :)