Investigating Windows Memory
Welcome and Introduction
Welcome and Introduction
Initial Setup
Initial Setup
Foundations of Memory Forensics
Windows Memory Structures
Windows Process Genealogy
Acquiring Memory
The Basics
The Tools
Best Practices for Virtual Machines
VMware ESXi
Microsoft Hyper-V
Poor Man's Memory Forensics
Strings and Bstrings
Pagefile.sys and Swapfile.sys
Memory Analysis with Volatility
Image Identification and Metadata
Basic Process Enumeration - Part 1
Basic Process Enumeration - Part 2
In-depth Process Enumeration
Comparison of Process Enumeration Methods
Dynamic Link Libraries (DLLs)
Process Command Lines
Process Handles
Process Security Tokens
Network Activity
Registry Analysis
Basic Code Injection
Reflective Code Injection
Process Hollowing
API Hooks
SSDT Hooks
Kernel Module (Driver) Enumeration
Dumping Files
Dumping Processes
Dumping Memory Sections
Dumping DLLs and Kernel Modules
YARA Scans
Strings
Volatility Shell (volshell)
Malware Memory Analysis with Volatility
Inbrief
Analysis - Part 1
Analysis - Part 2
Recap
Memory Analysis with MemProcFS
Introduction
Running MemProcFS
Analysis
Malware Memory Analysis with MemProcFS
Running MemProcFS
Finding Evil
Dumping Files
Finding Files of Interest with WSL 2
Introduction to WinDbg
What is WinDbg?
Acquiring a Windows Crash Dump with MemProcFS
Analysis
Additional Content
Hibernation Files
Shimcache Memory Forensics
Additional Volatility 3 Plugins ➕
Practice Memory Images
Trouble at ACME
Knowledge Assessment
Knowledge Assessment
Introduction to WinDbg
3 Lessons
What is WinDbg?
Acquiring a Windows Crash Dump with MemProcFS
Analysis