Workshop: Memory Analysis
Memory Analysis Workshop for students
by Alissa Torres
Friday April 22 - Saturday April 23, 2016
From 9:00AM to 5:00PM
Do you have the skills required to identify the malware and reveal an attacker's tactics and techniques in your network? Fast detection relies on memory analysis skills, finding the answers in system memory that may not exist on the disk. This two-day hands-on workshop teaches skills in high demand at organizations today - live memory analysis, acquisition and deep-dive memory image parsing.
Attackers know how forensic investigators work, and they are becoming increasingly sophisticated at using methods that leave few traces behind. We are in an arms race where the key difference is training. Join us to advance your skills at hunting the evil and detecting malware and rogue insider activity.
What you will learn:
- Live system memory analysis using Rekall Memory Forensic Framework
- Memory acquisition using winpmem
- Off-line memory analysis with bulk_extractor, Volatility and Rekall
- Malware signature creation and scanning with YARA rules
- Identifying code injection and rootkit hooking
- Extracting memory-mapped files and malicious binaries for additional analysis
Priority will be given to students participating in the ATACK-PR Scholarship, students participating in the Cybersecurity SIG for CTF competitions, and students enrolled in UPR-RP CS Cybersecurity courses.
GIRLS are HIGHLY encouraged to participate.
Registration is REQUIRED because we are constrained by space and resources. We will contact the students selected to participate.
Registration HERE. (Make sure you WILL participate in the two full days before registering.)
Alissa Torres short bio:
Alissa Torres is a certified SANS instructor, specializing in advanced computer forensics and incident response. Her industry experience includes serving in the trenches as part of the Mandiant Computer Incident Response Team (MCIRT) as an incident handler and working on an internal security team as a digital forensic investigator. She has extensive experience in information security, spanning government, academic, and corporate environments, and holds a bachelor's degree from the University of Virginia and a master's from the University of Maryland in Information Technology. Alissa has taught as an instructor at the Defense Cyber Investigations Training Academy (DCITA), delivering incident response and network basics to security professionals entering the forensics community. She has presented at various industry conferences and numerous B-Sides events. In addition to being a GIAC Certified Forensic Analyst (GCFA), she holds the GCFE, GPEN, CISSP, EnCE, CFCE, MCT and CTT+.