Joint CSA Seattle Chapter and ISSA Event

Memory Analysis with Volatility, Russ McRee

This discussion will cover the complete life cycle of memory acquisition and analysis for forensics and incident response, using Volatility. Volatility has been referred to as the Python version of the Windows Internals book, given how much can be learned about Windows by reviewing how Volatility enumerates evidence. We’ll conduct real-time analysis and examine Volatility’s plug-in capabilities.

The Volatility project shortens the amount of time it takes to put cutting-edge research into the hands of practitioners, while encouraging and pushing the technical advancement of the digital forensics field. Join us and learn more about this outstanding tool.

Bio: Russ McRee directs the Security Incident Management and Attack & Penetration testing teams for Microsoft’s Online Services Security & Compliance organization. He writes toolsmith, a monthly column for the ISSA Journal, and has written for numerous other publications including Information Security and Linux Magazine. Russ also speaks regularly at events such as RSA, DEFCON, and Black Hat, and is a SANS Internet Storm Center incident handler. His work includes service in the Washington State Guard as the Cybersecurity Advisor to the Washington Military Department.

View presentation materials:  Memory Analysis with Volatility.

Mission Statement

To Provide education and promote the use of best practices on Cloud Security in the Pacific Northwest.

• Join Us

  

• Chapter Sponsors

  Cybereason

  Illumio

  Juniper Networks

  Tanium

  Mimecast

  Haystack Associates, Inc.