Price: $1450 USD
This course will provide students with the tools needed to analyze artifacts contained within random access memory acquired from live Windows-based systems.
The BEC platform provides a comprehensive toolset for the examiner to locate artifacts from:
The Belkasoft Live RAM Capturer is used by many first responders and examiners worldwide for its ability to acquire volatile memory from 32-bit and 64-bit systems quickly and completely, including areas in RAM protected by actively running applications. Data that could be potentially recovered from these areas include chat communications and webmail artifacts.
During Instructor-led course activities, and exercises – participants will demonstrate the ability to efficiently analyze digital artifacts acquired from RAM while utilizing BEC.
Duration: 3 days
Formats: Onsite or online