Course Description
This course delves deeper into the world of digital investigations, focusing on the critical areas of memory and network forensics. It's builds upon foundational knowledge to equip learners with advanced techniques for acquiring and analyzing volatile memory and network traffic.
Through hands-on exercises and real-world scenarios, you will explore tools like Volatility, LiME, FTK Imager, and Wireshark to uncover malicious activities and gain actionable insights.
By the end of the course, you’ll possess specialized skills to investigate and interpret evidence from memory dumps and network data effectively.
What you'll learn
After completing this course you will be able to :
• Recall the structure and components of volatile memory and network data.
• Explain the principles of memory and network forensics and their role in digital investigations.
• Describe the formats, tools, and methodologies used in memory acquisition and network traffic analysis.
• Perform memory acquisition using tools like DumpIt, FTK Imager, LiME, and AVML across Windows and Linux systems.
• Utilize the Volatility Framework to analyze memory dumps for malicious processes and system activity.
• Capture and analyze network traffic using tools like TCPdump, Zeek, TCPflow, and Wireshark.
• Interpret memory and network data to detect anomalies, malicious activities, and potential breaches.
• Differentiate between processes and activities in memory to identify threats.
• Evaluate captured network traffic and PCAP files to uncover patterns and evidence.
• Assess the suitability of memory and network forensic tools for specific investigation scenarios.
• Develop workflows for comprehensive memory and network forensics investigations aligned with industry best practices.
Requirements
Completion of "The Essentials of Digital Forensics: From Basics to Practice" course is required
