Course curriculum

    1. A message from the instructor

    2. Navigating the learning platform

    3. Getting Set Up

    4. Live Q&A Session

    5. Before we begin...

    1. What is Random Access Memory (RAM)?

      FREE PREVIEW

    2. What can you find in RAM?

      FREE PREVIEW

    3. Live Data Forensics

      FREE PREVIEW

    4. Cases involving evidence from RAM

    5. Test your learning

      FREE PREVIEW

    1. How to acquire RAM

      FREE PREVIEW

    2. How to verify a RAM acquisition

      FREE PREVIEW

    3. Manually creating your RAM acquisition toolkit

    4. Using a toolkit manager

    5. RAM Acquisition with FTK Imager

    6. RAM Acquisition with Magnet RAM Capture

    7. RAM Acquisition with Belkasoft RAM Capturer

    8. Test your learning

    1. What are general analysis methods?

    2. Hex Editor Basics

    3. String and Hex Searches with a Hex Editor

    4. Windows Powershell and Strings

    5. Strings and Search-String

    6. File carving with Photorec

    7. Data extraction with Bulk_Extractor

    8. Test your learning

    1. What are advanced analysis methods?

    2. Why care about OS-specific data structures?

    3. Installing Python & Volatlity

    4. Volatility 3 overview

    5. Analyzing process memory in a RAM dump

    6. Analyzing command execution

    7. Analyzing network connections

    8. Dump Windows password hashes

    9. Windows Registry: UserAssist

    10. Windows Registry: Hive Extraction

    11. Windows Registry: Dump Specific Key

    12. MemProcFS

    13. Test your learning

    1. Exam Instructions

    2. Random Access Memory Analysis

About this course

  • $50.00
  • 44 lessons
  • 3 hours of video content
  • Certificate of completion
  • RAM analysis reference guide

What students say

5 star rating

Excellent course for beginner

Samba SIDIBE

This course is very beginner friendly. Explanations and examples provided are very clear and easy to understand.

This course is very beginner friendly. Explanations and examples provided are very clear and easy to understand.

Read Less

What you will learn

Random Access Memory is an excellent source of digital evidence but can be difficult to collect and analyze.

All DFIR Science courses include a lot of hands-on practice. We don't just talk about RAM analysis; you do RAM analysis.

  • RAM Acquisition in Windows and Linux

  • Generic analysis that works with any dataset

  • RAM parsing basics with Volatility 3

  • Understand how to use evidence from RAM

Instructor

Dr. Joshua I. James

Digital Forensic Scientist

Helping provide free and low-cost training to thousands of digital investigators around the world since 2008. He is now a consultant for the United Nations Office on Drugs and Crime, INTERPOL, and the NW3C.

Find evidence. Make the case.