SDF: Memory Forensics 1

Learn Windows memory forensics

SDF: Memory Forensics 1
SDF: Memory Forensics 1
What you'll learn
  • Learn how to use Volatility
  • Learn to do a fast-triage compromise assessment
  • Understand plugin output for investigations
  • Learn the value of Windows core processes for exams




  • Students need PC, Mac or Linux system (virtual machine preferred)
  • Willingness to learn!


Learn to use Volatility to conduct a fast-triage compromise assessment.

A system's memory contains an assortment of valuable forensic data. Memory forensics can uncover evidence of compromise, malware, data spoliation and an assortment of file use and knowledge evidence - valuable skills for both incident response triage work as well as in digital forensic exams involving litigation.

This class teaches students how to conduct memory forensics using Volatility.

  • Learn how to do a fast-triage compromise assessment

  • Learn how to work with raw memory images, hibernation files and VM images

  • Learn how to run and interpret plugins

  • Hands-on practicals reinforce learning

  • Learn all of this in about one hour using all freely available tools.

Who this course is for:
  • Computer forensic examiners
  • Computer crime investigators
  • Computer security incident responders
  • Security analysts
  • IT professionals
  • Students

SDF: Memory Forensics 1 udemy courses free download

Learn Windows memory forensics

Demo url: