Online Training: Accelerated Windows Memory Forensics and Malware Analysis with Memory Dumps

Software Diagnostics Services organizes this online training course.

New dates/times TBD


Learn how to navigate the process, kernel, and physical memory spaces and the corresponding Windows data structures, discover forensic artifacts, and diagnose structural and behavioral patterns in Windows memory dump files. The course uses a pattern-oriented analysis approach to shorten the learning curve. The training consists of more than 20 practical, step-by-step, hands-on exercises using WinDbg with process, kernel, and complete memory dumps. In addition to malware patterns, topics include process and thread navigation, past execution, memory search, kernel linked list navigation, practical WinDbg scripting in both the built-in script language and JavaScript, the registry, system variables and objects, device drivers, I/O, file system filters, and security. The training is based on the books Pattern-Oriented Memory Forensics: A Pattern Language Approach, Accelerated Windows Malware Analysis with Memory Dumps (3rd edition), and Advanced Windows Memory Dump Analysis with Data Structures (4th edition). The course also covers patterns of memory acquisition. It uses the latest WinDbg Preview, and the lab environment is optionally containerized.

Example slides for days 1-3
Example slides for days 4-5

Before the training, you get:

  • Practical Foundations of Windows Debugging, Disassembling, Reversing, Second Edition PDF book
  • Pattern-Oriented Memory Forensics: A Pattern Language Approach PDF book
  • Advanced Windows Memory Dump Analysis with Data Structures, Fourth Edition PDF book
  • Accelerated Windows Malware Analysis with Memory Dumps, Third Edition PDF book
  • The previous training recording
  • Access to Software Diagnostics Library with more than 370 cross-referenced patterns of memory dump analysis, their classification, and more than 70 case studies

After the training, you also get:

  • The updated PDF books
  • Personalized Certificate of Attendance with unique CID
  • Optional Personalized Certificate of Completion with unique CID (after the tests)
  • Answers to questions during training sessions
  • Recording of the current training sessions

Prerequisites: Working knowledge of Windows troubleshooting. Operating system internals concepts are explained when necessary.

Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers, and quality assurance engineers.