
(W28) Malware Analysis using Volatility

$289.00

14 in stock

Product Description

This course covers malware analysis of Windows systems using the Volatility framework. Its main focus is a set of Volatility plugins that let you perform forensic analysis of malware in memory. The course opens with an introduction to Volatility, guides you through building a laboratory, and then moves on to practical tasks that can be carried out in either a Linux or a Windows environment.

18 CPE Credits

Self-paced


You will learn:

    • How to capture a memory image from a Windows machine using forensic software designed for that platform.
    • How to understand the data captured in memory.
    • How to perform a live forensic analysis of memory images provided by the instructor, learning to distinguish the characteristics of a malware-infected machine from those of a clean one.



New skills you will gain:

    • Working with data extracted from memory.
    • Creating a timeline for the forensic analysis of the captured memory image.
    • Understanding the malware infection flow across the libraries, services and processes that were running on the machine at the time of infection.



You will need:

    • A notebook with at least 2 GB RAM and VirtualBox installed.
    • Optional: two virtual machines running Windows 7 (x86 and x64). If you don't have access to those, the course will cover other options.
    • The course is constructed so that both Windows and Linux users will be able to benefit from the material and the exercises.



You should know:

    • DOS commands
    • How to translate a memory address
    • Pointers



Your instructor:

Paulo Henrique Pereira, PhD

Born in São Paulo, Brazil. He holds a PhD in the area of analytical induction and is a researcher at the University Nove de Julho (UNINOVE) in the area of forensics and security (penetration testing). He works on forensic analysis and reverse engineering of malware. In his spare time he splits his time between fly fishing in the rivers that cut through the mountains and programming in C and Python.



Syllabus


Module 1: Introduction to Volatility

    • Presentation of the Volatility environment for forensic purposes
    • Presentation of module functions in Volatility

Exercises:

Using the image provided by the instructor:

    • Creating a chain of custody and determining the correct profile for the image.
    • Detecting the installed Service Pack.
    • Detecting the date, time and time zone in which the image was acquired.



Module 2: The architecture of the Windows GUI system from the forensics point of view

    • Memory forensics plugins for forensic analysis of the Windows GUI.

Exercises:

    • Extracting evidence from the Windows GUI subsystem.
    • Identifying hidden processes.
    • Identifying kernel drivers.
    • Exploring the plugins to collect evidence.



Module 3: Nefarious actions under the Windows architecture

    • Using Volatility plugins to understand malicious activity.

Exercises:

    • Discovering passive malicious activity in the Windows GUI environment.



Module 4: The malicious intelligence behind the instruction codes and the artifacts in memory

    • Exploitation of system resources to obtain privileges, and analysis of data-capture algorithms
    • Researching callbacks
    • Analyzing system subclasses
    • Looking for code injection in DLLs
    • Enumerating object types

Exercises:

    • Verifying the User handle table
    • Delving into artifacts resident in memory



Course format:

    • The course is self-paced: you can visit the training whenever you want and your content will be there.
    • Once you're in, you keep access forever, even after you finish the course.
    • There are no deadlines, except for the ones you set for yourself.
    • We designed the course so that a diligent student will need about 18 hours of work to complete the training.
    • Your time will be filled with reading, videos, and exercises.


