Memory Forensics 101: X-Men vs. Magneto
Using just a memory sample, can we prove that Magneto stole classified information from the X-Men? This hands-on lab will walk through how to capture RAM and how to use Volatility to analyze it. Learn how to use Volatility to pull various artifacts from RAM and even how to write your own plugins. A memory sample will be provided for analysis; however, please come with Volatility installed. Windows, Mac or Linux will work for this lab - just download the standalone executable for your system. If you install from source, make sure to install all the plugins. http://www.volatilityfoundation.org/releases
Mari DeGrazia is a Director at Kroll Cyber Security, which provides Incident Response services on a global scale. Throughout her career in digital forensics and incident response, Mari has investigated high-profile breach cases, worked civil and criminal cases, and provided testimony as an expert witness. Mari has contributed various tools and scripts, many written in Python, to the forensic community. Mari has a Bachelor of Science in Computer Science from Hawaii Pacific University as well as various certificates related to Digital Forensics.