English | MP4 | 1280x720 | 62 kbps | 44 KHz | 2 hours | 263 Mb
Learn how to identify suspicious processes running in Windows memory
A system's memory contains an assortment of valuable forensic data. A computer analyst trained in memory forensics can use this data to determine if a system has been infected with malware - a valuable skill for both incident response triage work as well as in digital forensic exams involving litigation.
This class provides you with the foundation knowledge to help you identify suspicious processes running in memory. Learn how to conduct a "level 1" triage of Windows memory which includes observing running processes and being able to identify suspicious behaviors. Further memory analysis is based on the fundamentals taught here.
Learn about notable Windows processes found on most systems.
Learn how to profile legitimate process behavior.
Learn how to triage memory and identify suspicious processes.
Hands-on practicals reinforce learning
Learn a method to continue to teach yourself more about legitimate process behavior.
Learn all of this in about one hour using all freely available tools.
What are the requirements?
Students need a Windows 7 or Windows 8 system (virtual machine preferred)
Willingness to learn!
What am I going to get from this course?
Over 26 lectures and 1 hour of content!
Identify notable windows processes
Profile legitimate process behavior
Identify suspicious processes running in memory
Perform a "level 1" triage of Windows memory
Continue to teach yourself how to profile other Windows processes
What is the target audience?
Computer forensic analysts
Computer security incident responders
computer crime investigators
(Buy premium account for maximum speed and resumming ability)