Surviving Digital Forensics: RAM Extraction Fundamentals

Surviving Digital Forensics: RAM Extraction Fundamentals

Conducting a RAM extraction as part of the computer evidence collection process is a front line examiner skill which becoming more and more in demand.  A system's live memory contains an assortment of valuable forensic data.  A computer analyst trained in memory forensics can dig out evidence of hidden malware processes, user activity and encryption keys or password hashes that may be critical to accesses protected data.

This class provides you with the foundation knowledge to help you make better decisions about why or why not to capture live memory.  It also gives you hands on experience using a number of freely available RAM capture tools and covers the advanced topic of using Inception.

• Learn why RAM extractions are important and how the data can affect your case.

• Practical exercises give you hands on experience with different RAM extraction tools.

• Learn how to evaluate and benchmark your RAM capture tools.

• Learn how to use PALADIN to launch INCEPTION to gain access to password protected systems in order to extract RAM.

• Learn all of this in about one hour using all freely available tools.

Learn how to apply RAM extraction basics and get hands on experience using RAM capture tools - including Inception

Url: View Details

What you will learn

• Learn why RAM extractions are important to computer forensic investigations
• Learn what types of valuable data may be stored in memory
• Learn what to consider when making the decision to capture RAM

Rating: 4.6

Level: All Levels

Duration: 1 hour

Instructor: Michael Leclair