THA Deep Dive: Analyzing Malware in Memory
Update: The video and slides from the webinar are now available here.
The Hacker Academy is proud to announce an upcoming event! We will be having a Deep Dive presentation about Analyzing Malware in Memory by resident forensics expert, Andrew Case.
This is the first quarterly event in our new Deep Dive Series, where we’ll be demonstrating advanced tools and techniques for security professionals who want to stay on the cutting edge.
This session will be open to the public, and attendees will be able to ask questions about the material during the event.
Modern, advanced malware makes a concerted effort to avoid and frustrate forensic analysis. One of the most common techniques it uses is to minimize interaction with the disk and hide solely in memory. As a result, the traditional forensics process of examining only disk images and data at rest will miss many artifacts, and in some cases will miss all evidence. In this Hacker Academy Deep Dive, we will use the Volatility Framework to explore how memory analysis can pinpoint a wide range of malware in memory. We will also discuss what the uncovered artifacts mean and how you can use them to trace the activity of a malware infection. All digital forensics investigators and incident response handlers will benefit from this Deep Dive and come away with knowledge that is immediately usable in their own cases.
Please join us on December 18 at 7pm Eastern/4pm Pacific. You will need to register here.
After registering you will receive a confirmation email containing information about joining the Webinar.
System Requirements
PC-based attendees
Required: Windows® 7, Vista, XP or 2003 Server
Mac®-based attendees
Required: Mac OS® X 10.5 or newer
Mobile attendees
Required: iPhone®, iPad®, Android™ phone or Android tablet
2 Comments
Rob
December 19, 2012 at 10:25 am
Will an archive be available? I was unable to attend.
Thank you.
Greg
December 20, 2012 at 10:25 am
Sorry to have missed the webinar. Will it be recorded and available for download?