$100

Incident Response with Volatility Framework

Event Information


Date and Time

Location

J. J. Pickle Research Campus, The University of Texas at Austin

North Burnet

Austin, TX 78758


Refund Policy

No Refunds

Event description

Trainer: Evan Wagner

  • What is Volatility Framework
    • Supported Formats
    • Profiles / Debug Symbols / PDBs
      • Operating Systems and Builds
    • Plugins Concepts
    • Availability
      • GitHub Repository
      • Distro Packages
      • Rekall Fork
  • Why use Volatility
    • Considerations and experiences from the field
  • How to
    • Capture Memory
      • Physical Memory
      • Hibernation Files
      • Page/Swap Space
      • Virtual Machine Snapshots and VMEM
        • Converting a VMware suspend snapshot into a memory dump
      • Crashdumps
      • Space considerations
      • Using [lin|osx|win]pmem tool
    • Working with Image Formats
      • What is compatible and what is not
      • AFF4 format
        • Extracting AFF4 streams into RAW memory files
    • Extracting Volatility Framework
      • Basic usage information
    • Determine OS Build Profile
      • imageinfo
    • Processes
      • Comparing process discovery plugins and results
      • Identifying parent processes in execution tree
      • Listing process threads
      • Process ownership SIDs
      • Extracting processes out of dump
        • Performing static analysis on extracted processes
    • Network Connections and Sockets
      • Connection scanning plugins
      • Identifying suspect process based on indicator(s)
    • Objects and Files
      • Concept of Handles
      • Drivers
      • DLLs and Loaded/Unloaded Modules
      • Scanning for files
        • Searching by filename/type
        • Extracting files from the image
      • Mutexes
    • Exposing Secrets and Keys
      • Finding Certificates
      • Dumping NTLM/LM Hashes
      • Dumping cached Domain hashes
      • Dumping decrypted LSA passwords
    • Operational Items
      • Display Clipboard
      • Environment Variables
      • Shellbags
      • Services
    • Finding Services
    • Output Format options
    • Creating Searchable Timeline
  • What is Yara
    • How to use Yara
  • Finding Malware
    • Memory protection violations
    • Command line console history
    • Finding hooks
    • Callbacks
    • SSDT
    • Timers
    • Using Yara to find processes associated to indicators
  • Extending functionality
    • Adding Plugins
  • Real World Exercises
    • Students will be given scenarios and VMs/memory dumps and asked to identify what happened
  • Finish up the class with extra challenges and prizes


More information can be found at: https://bsidesaustin.com/bsides-austin-2019-training-days/
