Forensic Workshop: Memory analysis with Andreas Schuster

Andreas Schuster will present a special forensics workshop ragarding memory analysis. The workshop will take place on the 22/23 of april, 2010 and will focus on:

  • Intel x86 hardware platform
  • Random Access Memory (RAM)
  • Techniques of adressing
  • Forensic backup of the RAM, methods and tools
  • Windows memory management
  • Objects of the system kernel
  • Applied techniques for analysis
  • Use of the Microsoft debugger and the volatility framework
  • Excercises on memory dumps

The course will be held in German.