The Timeless Way of Diagnostics

Paraphrasing two classic books of architecture by Christopher Alexander et al., "The Timeless Way of Building" and "A Pattern Language: Towns, Buildings, Construction", we would like to introduce the complete restructuring of the multivolume Memory Dump Analysis Anthology into the projected 10-volume "A Pattern Language for Software Diagnostics, Forensics, and Prognostics: Memory, Traces, Deconstruction". The first volume is planned for the beginning of October (ISBN: 978-1908043818), and we then plan to release an additional volume every month until next Summer. The reference will have a better browsing and cross-referencing format, additional examples and case studies. It will incorporate comments and new pattern knowledge acquired since the first patterns were described 8 years ago. The new edition will cover only patterns and will not include additional content found in Memory Dump Analysis Anthology such as philosophy and art. Here's the preliminary front cover based on the Software Diagnostics Institute logo:

Memory Dump Analysis Anthology will continue to be released, with Volume 8 planned for 2015, and will include up-to-date research from Software Diagnostics Institute and additional topics not included in "A Pattern Language for Software Diagnostics, ...".

Training: Accelerated Windows Memory Forensics

Learn how to navigate through memory space and discover forensic artefacts. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using Microsoft WinDbg debugger from Debugging Tools for Windows to diagnose structural memory patterns in x86 and x64 physical and process memory dumps. Patterns of memory acquisition are also covered.

Software Diagnostics Services (PatternDiagnostics.com) organizes a training course:

Level: Beginner/Intermediate

Prerequisites: Working knowledge of Windows. Operating system internals concepts are explained when necessary.

Audience: Security researchers, malware analysts, digital forensics engineers who have never used WinDbg for analysis of computer memory. The course will also be useful for technical support and escalation engineers who analyse memory dumps from complex software environments and need to go deeper in their analysis of abnormal software structure and behaviour.

Happy New Year 2014!

We break our tradition to greet in memory dump analysis style. This New Year we post a software trace diagram similar to what we use to illustrate trace and log analysis patterns:

Physical Memory Analysis Fundamentals

This is a revised version of the seminar delivered more than 2 years ago. Now updated to the latest WinDbg from Windows SDK 8.1.

Topics include:

  • User vs. kernel vs. physical memory space
  • Challenges of physical memory analysis
  • Common WinDbg commands
  • Patterns and pattern catalogues
  • Common mistakes
  • Fibre bundles
  • Hands-on exercise: a physical memory dump analysis
  • A guide to Software Diagnostics Library
  • Memory forensics

Date: December 30, 2013
Time: 7:00 PM (GMT)
Duration: 60 minutes

2014 - The Year of Software Forensics

The previous year 2013 was announced as The Year of Software Diagnostics and among various results it was successful in laying out the theoretical foundations for software forensics. We start the year 2014 with a seminar to show our vision of pattern-oriented software forensics and a roadmap for further development and advancement of its body of knowledge:

Webinar: Pattern-Oriented Software Forensics

Pattern-Oriented Software Forensics

This Webinar introduces a comprehensive theory behind software forensics based on systemic and pattern-oriented software diagnostics developed by Software Diagnostics Institute. It synthesises pattern-oriented memory analysis of malware and victimware with pattern-oriented software log and trace analysis based on software narratology.

Date: 27th of December, 2013
Time: 19:00 (BST)
Duration: 60 minutes

Diagnosed by Vostokov®TM

Our founder and Chief Diagnostics Scientist Dmitry Vostokov launches his personal brand:

Training: Advanced Windows Memory Dump Analysis with Data Structures

Learn how to navigate through memory dump space and Windows data structures to troubleshoot and debug complex software incidents. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using WinDbg to diagnose structural and behavioral patterns in 64-bit kernel and complete memory dumps. Additional topics include memory search, kernel linked list navigation, practical WinDbg scripting, registry, system variables and objects, device drivers and I/O.

Public preview (selected slides) of the previous training

Software Diagnostics Services (PatternDiagnostics.com) organizes a training course:

The training consists of 2 two-hour sessions. When you finish the training you additionally get:

  1. A full transcript in PDF format (retail price $300)
  2. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
  3. A personalized attendance certificate with unique CID (PDF format)
  4. Free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies

Prerequisites: Basic and intermediate level Windows memory dump analysis: ability to list processors, processes, threads, modules, apply symbols, walk through stack traces and raw stack data, diagnose patterns such as heap corruption, CPU spike, memory and handle leaks, access violation, stack overflow, critical section and resource wait chains and deadlocks. If you don't feel comfortable with the prerequisites, then taking the Accelerated Windows Memory Dump Analysis training (or purchasing the corresponding book) is recommended before attending this course.

Audience: Software developers, security professionals, software technical support and escalation engineers.

At this time available only in a PDF book format with $100 discount.

Diagnostic Manual of Software Problems

The Diagnostic Manual of Software Problems (DMS), published by Software Diagnostics Institute, provides a common pattern language, standard diagnostic categories and criteria for the classification, determination and communication of abnormal software structure and behavior. DMS is evolved from software diagnostics pattern catalogues and other classification criteria introduced in various webinars from Software Diagnostics Services (currently published as Software Diagnostics: The Collected Seminars, ISBN 978-1908043641). The first version is planned for early 2014 and then revised every year.

Training: Deep Down C++

If you mastered Memory Language you mastered all other programming languages.

Learn internals of C++ implementation on x64 Windows platforms. Improve your memory thinking and understanding of C++ coding standards. We use a unique and innovative memory cell diagram approach to speed up the learning curve. The training consists of practical step-by-step hands-on exercises using WinDbg and memory dumps. The author of this course has solid experience in debugging very large C++ code bases, in the development of static code analysis tools for C++ and in C++ and STL semantics.

Software Diagnostics Services (PatternDiagnostics.com) organizes a training course:

The training consists of 2 two-hour sessions. When you finish the training you additionally get:

  1. A full transcript in PDF format (retail price $300)
  2. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
  3. A personalized attendance certificate with unique CID (PDF format)
  4. Free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies

Level: Intermediate/Advanced

Prerequisites: Working knowledge of C++. Operating system internals and assembly language concepts are explained when necessary.

Audience: Software engineers designing, developing and debugging software using C++. The course will also be useful for technical support and escalation engineers who analyse memory dumps from complex software environments and need to go deeper in their analysis of abnormal software structure and behaviour.

The PDF training book is to be published in 2014.

Note: 40% discount is available for those who previously booked Accelerated Disassembly, Reconstruction and Reversing training or purchased its book.

The RIP Point

This is a sequel (ISBN: 978-1908043689) to The Exception Point novella. Book description:

Having survived the chaos after The Impact, Vladimir Ulyanov and his elder brother Aleksandr (who was pardoned by the father of Nicholas II instead of being executed 30 years ago, in 1887) launch a computer company that would transform the world for the next 100 years.

Training: Accelerated Windows Memory Dump Analysis

Learn how to analyze application, service and system crashes and freezes, navigate through memory dump space and diagnose heap corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of more than 20 practical step-by-step exercises using WinDbg highlighting more than 50 patterns diagnosed in 32-bit and 64-bit process, kernel and complete memory dumps.

Public preview (selected slides) of the previous training

Software Diagnostics Services (PatternDiagnostics.com) organizes a training course:

If you are registered, you may optionally submit your memory dumps before the training. This will allow us, in addition to the carefully constructed problems, to tailor extra examples to the needs of the attendees.

The training consists of 4 two-hour sessions (2 hours every day). When you finish the training you additionally get:

  1. A full transcript in PDF format with more than 100 questions and answers (retail price $300)
  2. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
  3. A personalized attendance certificate with unique CID (PDF format)
  4. Free Software Diagnostics Library membership with access to 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies

Prerequisites: Basic Windows troubleshooting

Audience: Software technical support and escalation engineers, system administrators, security professionals, software developers and quality assurance engineers.

At this time available only in a PDF book format with $50 discount.

Training testimonials:

I would like to thank you and recommend your training. I think that the “Accelerated Windows Memory Dump Analysis” training is a pin-point, well taught training. I think it’s the leading training in the dump analysis area and I’ve enjoyed it, the books and materials are very detailed and well written and Dmitry answered all of the needed questions. In addition after the training Dmitry sent a PDF with written answers and more information about the questions that were asked. I will give this training 5/5. Thank you Dmitry. --Yaniv Miron, Security Researcher, IL.Hack

If you are mainly interested in .NET memory dump analysis there is another course available:

Accelerated .NET Memory Dump Analysis

If you are mainly interested in Mac OS X core dump analysis there is another course available:

Accelerated Mac OS X Core Dump Analysis

Software Diagnostics: Requirements, Architecture, Design, Implementation and Improvement

This free Webinar summarizes a pattern-oriented approach to software diagnostics and discusses software diagnostics RADII process based on common software diagnostics framework.

Date: 17th of January, 2014
Time: 19:00 (GMT)
Duration: 60 minutes

Training: Accelerated Disassembly, Reconstruction and Reversing

Learn disassembly, execution history reconstruction and binary reversing techniques for better software diagnostics, troubleshooting and debugging on Windows. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step hands-on exercises using WinDbg and memory dumps. The main focus of the training is the x64 Windows platform.

Public preview (selected slides) of the previous training

Software Diagnostics Services (PatternDiagnostics.com) organizes a training course:

The training consists of 3 two-hour sessions. When you finish the training you additionally get:

  1. A full transcript in PDF format (retail price $300)
  2. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
  3. A personalized attendance certificate with unique CID (PDF format)
  4. Free Software Diagnostics Library membership

At this time available only in PDF book format with $100 discount.

Level: Intermediate/Advanced

Prerequisites: Working knowledge of C and C++. Operating system internals and assembly language concepts are explained when necessary.

Audience: Software technical support and escalation engineers who analyse memory dumps from complex software environments and need to go deeper in their analysis of abnormal software structure and behaviour. The course will also be useful for software engineers, quality assurance and software maintenance engineers who debug their software running on diverse computer environments, security researchers and malware analysts who have never used WinDbg for analysis of computer memory.

Introduction to Psychology of Software Diagnostics

This is a short webinar to discuss the human side of software diagnostics.

Date: 3rd of February, 2014
Time: 19:00 (GMT)
Duration: 60 minutes

The Structure of Twitter Narrative

This illustrated research monograph analyses Twitter narrative stream from the perspective of trace and log analysis patterns.

  • Title: The Structure of Twitter Narrative: Applied Patterns from Software Narratology and Human-Computer Narratives
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Publisher: OpenTask (September 2013)
  • Language: English
  • Product Dimensions: 21.6 x 14.0
  • Paperback: 120 pages
  • ISBN-13: 978-1908043610

Introduction to Mobile Software Diagnostics

We discuss the perspectives of the Software Diagnostics discipline in the mobile world, including a pattern-oriented approach to troubleshooting and debugging modern web applications.

Date: 17th of September, 2013
Time: 19:00 (BST)
Duration: 60 minutes

BugInject Library

Software Diagnostics Services is planning to release BugInject® library modeling abnormal software structure and behaviour based on our pattern catalogues.

CVnar: 10 years of Software Diagnostics + 10 years of Software Engineering

Date: 10th of January, 2014
Time: 19:00 (GMT)
Duration: 60 minutes

Join the CVnar summarizing the last 10 years of work and thought of Software Diagnostics Services founder including the brief summary of another 10 years before that implemented in a novel format of Web CV narrative. Based on timeline from Software Diagnostics Institute (http://www.dumpanalysis.org/Timeline) where each slide corresponds to a major milestone with comments.

Introduction to Semiotics of Debugging

Learn about an application of semiotics to software diagnostics, troubleshooting and debugging including sign systems, sign classification and sign processes.

Date: 8th of January, 2014
Time: 19:00 (GMT)
Duration: 60 minutes

Prerequisites: Basic software troubleshooting and debugging.

Audience: Software technical support and escalation engineers, quality assurance engineers, software engineers and developers.

Introduction to Generative Software Narratology

The second Webinar to introduce software narratology: an application of ideas from narratology to software narrative stories. The first webinar materials are available here. When software executes it gives us its stories in the form of software traces and logs. Such stories can be analysed for their structure and patterns. This software narrative plane has a corresponding source code narrative plane with its own structure and patterns useful for software troubleshooting and debugging.

Date: 13th of January, 2014
Time: 19:00 (GMT)
Duration: 60 minutes

Prerequisites: Basic software troubleshooting and debugging.

Audience: Software technical support and escalation engineers, quality assurance engineers, software engineers and developers.

Professional Diagnostics and Debugging Development Program

Software Diagnostics Services is planning to start PD3P. Its curriculum combines the best of its software diagnostics and debugging training courses, presentations, webinars, books, Software Diagnostics Library and Debugging TV.

Introduction to Philosophy of Software Diagnostics

Learn from this Webinar about phenomenological, hermeneutical and analytical approaches to software diagnostics and its knowledge, foundations, norms, theories, logic, methodology, language, ontology, nature and truth. This seminar is hosted by Software Diagnostics Services.

Title: Introduction to Philosophy of Software Diagnostics
Date: 13th of May, 2013
Time: 19:00 BST
Duration: 30 minutes

Pattern-Oriented Network Trace Analysis

Software Narratology found its successful application in software diagnostics of abnormal software behavior in software logs. Join this Webinar to learn about its new application to network trace analysis with examples from Network Monitor and Wireshark.

Title: Pattern-Oriented Network Trace Analysis
Date: 27th of June, 2013
Time: 19:00 BST
Duration: 60 minutes

Training: Accelerated Windows Debugging 3

Learn live local and remote debugging techniques and tricks in kernel, user process and managed .NET spaces using WinDbg debugger. The unique and innovative Debugging3 course teaches unified debugging patterns applied to real problems from complex software environments. The training consists of practical step-by-step hands-on exercises.

Public preview (selected slides) of the previous training

Software Diagnostics Services (PatternDiagnostics.com) organizes a training course:

The training consists of 2 three-hour sessions. When you finish the training you additionally get:

  1. A full transcript in PDF format (retail price $300)
  2. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
  3. A personalized attendance certificate with unique CID (PDF format)
  4. Free Software Diagnostics Library membership

Prerequisites: Working knowledge of one of these languages: C, C++, C#. Operating system internals and assembly language concepts are explained when necessary.

Audience: software engineers, software maintenance engineers, escalation engineers.

At this time available only in PDF book format with $100 discount.

If you are interested in Windows postmortem software diagnostics using memory dump files there are other courses available:

Accelerated Windows Memory Dump Analysis

Accelerated .NET Memory Dump Analysis

Advanced Windows Memory Dump Analysis with Data Structures

Accelerated Windows Malware Analysis with Memory Dumps

Happy New Year 2013!

Following a tradition to greet in memory dump analysis style we post this fragment from WinDbg output:

0:000> u
00000000`00002012 f4 hlt
00000000`00002013 ?? ???
                  ^ Memory access error in 2013

Malware Narratives

Software Narratology, the science of software stories, found its successful application in software diagnostics of abnormal software behavior especially in the pattern-driven and pattern-based analysis of software logs from complex systems with millions of events, thousands of threads, hundreds of processes and modules. Join this Webinar to learn about its new application to malware analysis.

Title: Malware Narratives: Applied Software Narratology
Date: 25th of March, 2013
Time: 19:00 GMT
Duration: 60 minutes

The Exception Point

This is the first novella to be written by applying software narratology and trace analysis patterns to history and is planned for publication in Spring 2015 (ISBN: 978-1908043412). Book description:

Russia, 1908, June 30, 7:14 a.m., the court of Tsar Nicholas II is wiped out by an impact, an enormous explosion over St. Petersburg. In the ensuing chaos State Duma takes power over Imperial Russia changing the course of World history forever. Russia, 2017, an alternative history novella is published about the Tunguska event that missed the capital of Russia...

Training: Accelerated Windows Software Trace Analysis

Feel frustrated when opening a software trace with millions of messages from hundreds of software components, threads and processes?

Memory Dump Analysis Services (DumpAnalysis.com) organizes a training course:

Go beyond simple CPU and disk hog monitoring or searching for errors in a text and learn how to efficiently and effectively analyze software traces and logs from complex software environments. The course covers popular software log and trace formats from Microsoft and Citrix products and tools, including Event Tracing for Windows (ETW) and Citrix Common Diagnostics Format (CDF). It teaches pioneering and innovative pattern-driven and pattern-based analysis of abnormal software behavior incidents developed by Software Diagnostics Institute.

Public preview (selected slides) of the previous training

If you are registered, you may optionally submit your software traces and logs before the training. This will allow us, in addition to the carefully constructed problems, to tailor additional examples to the needs of the attendees.

The training consists of 4 one-hour sessions and additional homework exercises. When you finish the training you additionally get:

  1. A full transcript in PDF format (retail price $300)
  2. Recording of training sessions including exercises
  3. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
  4. A personalized attendance certificate with unique CID (PDF format)
  5. Free Software Diagnostics Library membership with access to cross-referenced patterns of software trace and analysis

Prerequisites: Basic Windows troubleshooting.

Audience: Software technical support and escalation engineers, software maintenance engineers, system administrators.

At this time available only in PDF book format + recording with $100 discount.
