Memory Forensics
Memory Forensics is one of the most challenging and powerful skills in cybersecurity. Learn how to analyze live memory, uncover hidden malware, and trace real-time attacks in volatile data.
Memory Forensics
This intensive 3-day course equips cybersecurity professionals with the foundational and practical skills required to master memory forensics on modern systems. Through guided labs and structured analysis exercises, participants will learn how volatile memory reveals critical evidence in live attacks, malware infections, and advanced threat activity.
The training begins with core concepts such as memory architecture, process structures, and virtual address spaces, then progresses into real-world investigations using memory dumps from Windows and Linux systems. Students will explore how modern threats leverage in-memory techniques like code injection, credential dumping, and stealthy persistence mechanisms.
Participants will gain hands-on experience with industry-standard tools, and modern frameworks for timeline reconstruction and threat hunting in memory. Special emphasis is placed on malware behavior, unpacking techniques, and detecting signs of fileless attacks that bypass traditional disk-based forensics.
By the end of the course, students will confidently extract forensic artifacts, identify indicators of compromise (IOCs), and reconstruct attacker behavior solely from memory dumps. This course bridges low-level memory analysis with real-world incident response, making it essential for DFIR professionals, threat hunters, and security teams focused on modern post-exploitation detection.
Course curriculum
-
-
Introduction
-
Types of Volatile Data
-
Acquisition Best Practices
-
Memory Acquisition on Windows
-
Memory Acquisition on Linux
-
Sysinternals Suite
-
Network Artifacts and Detection Strategies for Hidden Processes
-
Analysis with Autopsy Part I
-
Analysis with Autopsy Part II
-
Volatility Part I
-
Volatility Part II
-
Volatility Part III
-
Yara Rules
-
Yara Rules and Volatility
-
About this course
- 14 lessons
- 5 hours of video content
Requirements
While not mandatory, it is recommended that participants have the following tools installed to fully engage with the hands-on exercises:
- Tsurugi OS VM
- Windows OS VM
These tools will enhance your ability to work effectively with the course materials and practical exercises.
Additional Training
-
Red Team Operator Part I
Course • 27 lessons5.0 average rating (1 review)Master offensive cybersecurity with our Red Team Operator course. Learn adversary simulation, C2 frameworks, evasion, privilege escalation, and stealth techniques used by real-world threat actors. Hands-on and advanced.
Purchase$99
-
Exploit Development Part I
Course • 32 lessonsExploit Development is one of the most challenging and rewarding skills in Cybersecurity. Learn how to bypass protections, craft exploits, and master low-level attacks. This is Part I.
$199
-
Subscriber Pro
Bundle • 85 learning productsThis program is designed to elevate your career to the highest level through a 3-year training journey, featuring 65+ courses covering all the knowledge required to become a cybersecurity expert.
$4,000
-
Reverse Engineering Malware Part III
Course • 27 lessonsReverse engineering is one of the most well-paid skills in Cybersecurity. If you want to know how to do it, then this is the right course for you. This is Part III.
$199