A Complete Practical Approach to Malware Analysis & Memory Forensics
Venue:
Holiday Inn Riyadh Meydan | IHG
Olaya - King Fahed Road, PO Box 18030, Riyadh, 11415, Kingdom of Saudi Arabia
Timings:
- Registration starts at 8am
- Training from 9am to 5pm
Topics:
- Introduction to Malware Analysis
- Static Analysis
- Automating Malware Analysis (sandbox)
- Malware Persistence Methods
- Code Analysis
- Dynamic Analysis/Behavioural analysis
- Introduction to Memory Forensics
- Volatility Overview
- Investigating Process
- Investigating Process handles & Registry
- Investigating Network Activities
- Investigating Process Memory
- Investigating User-Mode Rootkits & Fileless Malware
- Memory Forensics in Sandbox technology
- Investigating Kernel-Mode Rootkits
- Memory Forensic Case Studies
Overview
Malware analysis and memory forensics are powerful analysis and investigative techniques used in reverse engineering, digital forensics, and incident response. With adversaries growing more sophisticated and carrying out advanced malware attacks on critical infrastructure, data centers, and private and public organizations, it is essential for cyber-security professionals to have the skills to detect, respond to, and investigate such intrusions. Malware analysis and memory forensics have become must-have skills for fighting advanced malware, targeted attacks, and security breaches. This hands-on training teaches the concepts, tools, and techniques to analyze, investigate, and hunt malware by combining two powerful techniques: malware analysis and memory forensics. After taking this course, attendees will be better equipped with the skills to analyze, investigate, and respond to malware-related incidents.
Students should bring a laptop meeting the requirements below:
- Laptop with a minimum of 6GB RAM and 40GB free hard disk space
- VMware Workstation or VMware Fusion (even trial versions can be used).
- Windows Operating system (preferably Windows 10 64-bit, even Windows 8 and lower versions are fine) installed inside the VMware Workstation/Fusion. You must have full administrator access to the Windows operating system installed inside the VMware Workstation/Fusion.
Note: VMware Player or VirtualBox is not suitable for this training. The lab setup guide will be sent to you after registration.
What students will be provided with
- Course material (pdf copy)
- Lab solution material
- Videos used in the course
- Malware samples used in the course/labs
- Memory Images used in the course/labs
- Linux VM (to be opened with VMware Workstation/Fusion) containing necessary tools and samples
Who should take this course
- Forensic practitioners, incident responders, cyber-security investigators, security researchers, malware analysts, system administrators, software developers, students, and curious security professionals who would like to expand their skills
- Anyone interested in learning malware analysis and memory forensics.
- Students who are familiar with using Windows or Linux and have an understanding of basic programming concepts; programming experience is not mandatory.