Building a Muscle Memory with Rekall Memory Forensic Framework

Offered By: YouTube

Tags

Conference Talks Courses
Cybersecurity Courses
Digital Forensics Courses
Memory Forensics Courses

Course Description

Overview

Explore memory forensics techniques and the Rekall Memory Forensic Framework in this 53-minute conference talk from BSides Augusta 2015. Learn about evidence in memory, investigative methodology for identifying malware, and interactive Rekall sessions. Discover process enumeration methods, advantages of baselining, and how to detect rootkit behaviors. Gain insights into live analysis techniques and the AFF4 volume format. Enhance your skills in digital forensics and malware detection through practical demonstrations and real-world use cases.

Syllabus

Intro
You are Freaking Awesome!
Memory Forensics IRL
Evidence in Memory
Rekall Memory Forensic Framework
Investigative Methodology: Use Case: Identifying Malware
Interactive Rekall Session
Profile Auto-detection
Session Caching
Process Enumeration pslist Using Volatility
Process Enumeration with Rekall
Choose Your Poison: Rekall's PSList Methods of Enumeration
Process Scanning with Rekall Output Options
Advantages of Baselining: "Know Normal, Find Evil."
MBR Persistence
Memory Analysis with Rekall Step 1: Identify Rogue Processes
Know Normal (Windows Processes), Find Evil
Step 3: Network Connections
Signs of Code Injection
Detect Rootkit Behaviors
Memory Analysis with Rekall Step 6: Acquisition of Notable Findings
AFF4 Volume Format
Live Analysis with Rekall (1)
Live Analysis with Rekall (3) Acquisition
References


Related Courses

OS Analysis with Volatility
Pluralsight
Getting Started with Memory Forensics Using Volatility
Pluralsight
Advanced Malware Analysis: Redux
Cybrary
Introduction to Memory Forensics with Volatility 3
DFIRScience via YouTube
Taking Memory Forensics to the Next Level
New York University (NYU) via YouTube