BEC201 RAM Investigations Course (26-28 July 2021)

Date:26-28 July 2021

Price: $1450 USD

Location: Online

Price

$1,450.00

This course will provide students with the tools needed to analyze artifacts contained within random access memory acquired from live Windows-based systems.

The BEC platform provides a comprehensive toolset for the examiner to locate artifacts from:

  • Running processes
  • Network connections and file shares
  • Internet browsers
  • Social media content

The Belkasoft Live RAM Capturer is used by many first responders and examiners worldwide for its ability to acquire volatile memory from 32-bit and 64-bit systems quickly and completely, including areas in RAM protected by actively running applications. Data that could be potentially recovered from these areas include chat communications and webmail artifacts.

During Instructor-led course activities, and exercises – participants will demonstrate the ability to efficiently analyze digital artifacts acquired from RAM while utilizing BEC.

COURSE DETAILS

Language: English

Duration: 3 days

Formats: Onsite or online

MODULES

  1. Introduction 1 Hour
  2. Understanding Volatile Data 2 Hours
  3. Acquiring RAM 2.5 Hours
  4. Analysis of Windows-based RAM Artifacts 2.5 Hours
  5. Parsing Link Files 2.5 Hours
  6. Analysis of Internet-based RAM Artifacts 2.5 Hours
  7. BEC Reporting 1 Hour
/* Omit closing PHP tag at the end of PHP files to avoid "headers already sent" issues. */