Session:A trip down the memory l̶a̶n̶e̶ dump
From 36C3 Wiki
| Description | This workshop covers the fundamentals of memory internals and then dive into hands-on analysis with volatility. Newbie or seasoned, professional or hobbyist, this session is for you! |
|---|---|
| Website(s) | |
| Type | Workshop |
| Kids session | No |
| Keyword(s) | hacking, security |
| Tags | Forensics |
| Person organizing | November |
| Language | en - English |
Other sessions...
| |
(Click here to refresh this page.)
| Subtitle | An introduction to memory forensics |
|---|---|
| Starts at | 2019/12/30 12:00 |
| Ends at | 2019/12/30 13:15 |
| Duration | 75 minutes |
| Location | Room:Lecture room M2 |
UPDATE: Slides (and contact mail) for the workshop have been uploaded to: https://github.com/nov3mb3r/36c3-Workshop
Both theoretical and technical aspects of memory forensics will be covered: A theoretical approach of the basics of how memory in Windows systems works and hands-on dive to memory analysis.
The following topics will be discussed:
- How memory works in Windows systems
- Memory acquisition
- Introduction to Volatility and its plugins
- Hands-on analysis of machine hit by ransomware
Last 15 minutes will feature a general discussion and ideally will set the foundation of a C3 assembly dedicated to Digital Forensics
It is a BYOD, so please have the latest version of volatility installed on your machine!
https://github.com/volatilityfoundation/volatility/wiki/Installation
The workshop will be all about how to use it, not install it! :)
