Taking Memory Forensics to the Next Level

Offered By: New York University (NYU) via YouTube

Tags

Digital Forensics Courses Cybersecurity Courses Memory Forensics Courses

Course Description

Overview

Explore advanced techniques in memory forensics through this 29-minute conference talk from the CSAW'16 Security Open Source Workshop at New York University. Delve into the Volatility Framework, understanding its purpose and methodology. Learn about sampling, profile libraries, and baselines, with a focus on hook comparisons. Discover the importance of whitelisting/blacklisting and Indicators of Compromise (IOCs). Examine practical applications through plugins like Cyboxer, Profiler, and Stalker. Investigate multiple profiles, set operations, and CybOX generation. Analyze processes and executables using the Hunter plugin. Conclude with insights from the Jack Crook DFIR Challenge, enhancing your skills in digital forensics and incident response.

Syllabus

Intro
Documentation
Volatility Framework
Purpose
Methodology
Sampling
Profile Library
Baselines (continued)
Caveat: Hook comparisons
Hook comparisons (continued)
Whitelisting/Blacklisting
Indicators of Compromise (IOCs)
Cyboxer Plugin Example
Set Difference
Union
Intersection
Symmetric Difference
Multiple Profiles
Profiler Plugin (continued)
Symantecprofiler Plugin
Profiler Plugin Discussion
CybOX (IOC) generation
Stalker Plugin
Hunter Plugin
Jack Crook DFIR Challenge
Processes
Executables
Conclusion
Questions?


Taught by

NYU Tandon School of Engineering
