BEC201 RAM Investigations Course


Price: $1450 USD

Location: Online

More Info

This course will provide students with the tools needed to analyze artifacts contained within random access memory acquired from live Windows-based systems.

The BEC platform provides a comprehensive toolset for the examiner to locate artifacts from:

  • Running processes
  • Network connections and file shares
  • Internet browsers
  • Social media content

The Belkasoft Live RAM Capturer is used by many first responders and examiners worldwide for its ability to acquire volatile memory from 32-bit and 64-bit systems quickly and completely, including areas in RAM protected by actively running applications. Data that could be potentially recovered from these areas include chat communications and webmail artifacts.

During Instructor-led course activities, and exercises – participants will demonstrate the ability to efficiently analyze digital artifacts acquired from RAM while utilizing BEC.


Language: English

Duration: 3 days

Formats: Onsite or online


  1. Introduction 1 Hour
  2. Understanding Volatile Data 2 Hours
  3. Acquiring RAM 2.5 Hours
  4. Analysis of Windows-based RAM Artifacts 2.5 Hours
  5. Parsing Link Files 2.5 Hours
  6. Analysis of Internet-based RAM Artifacts 2.5 Hours
  7. BEC Reporting 1 Hour