23 November 2021 to 27 January 2022
Europe/Amsterdam timezone

IT Forensics for System Admins - Memory Acquisition I

9 Dec 2021, 11:00


Mr Klaus Möller (DFN-CERT)Mr Stefan Kelm (DFN-CERT)


Whatever malware is doing on a computer, the code to carry out its activity has to be in the random access memory (RAM). And not only this, lots of other interesting stuff is present there too: IP-addresses of computers it has communicated with, data from attacks against other systems or even exfiltrated data. By getting information directly from the storage, compromised operating system components can be bypassed. No wonder that investigating transient memory has become a hot topic in IT forensics over the last decade.

But before memory contents can be scrutinized, they will have to be acquired from the computer. This webinar covers the basic principles and techniques behind memory acquisition on Linux, Windows and MacOS operating systems.

Presentation Materials

There are no materials yet.
Your browser is out of date!

Update your browser to view this website correctly. Update my browser now