Overview
This course aims to enhance participants' memory forensics skills by covering topics such as the Volatility Framework, baselines, hook comparisons, whitelisting/blacklisting, and generating Indicators of Compromise (IOCs) using plugins like Cyboxer, Stalker, and Hunter. It is taught workshop-style, with practical examples and discussion. This course is intended for cybersecurity professionals, digital forensics analysts, and individuals interested in advanced memory forensics techniques.
Syllabus
Intro
Documentation
Volatility Framework
Purpose
Methodology
Sampling
Profile Library
Baselines (continued)
Caveat: Hook comparisons
Hook comparisons (continued)
Whitelisting/Blacklisting
Indicators of Compromise (IOCs)
Cyboxer Plugin Example
Set Difference
Union
Intersection
Symmetric Difference
Multiple Profiles
Profiler Plugin (continued)
Symantecprofiler Plugin
Profiler Plugin Discussion
CybOX (IOC) generation
Stalker Plugin
Hunter Plugin
Jack Crook DFIR Challenge
Processes
Executables
Conclusion
Questions?
Taught by
NYU Tandon School of Engineering