CS407

Course material for Computer Forensics III (Memory Forensics) / CS407 for Spring 2015.

Syllabus

Slides

Week 01_01 - Introduction

Week 01_02 - Memory Analysis Tools

Week 02_01 - Kernel Objects

Week 02_01 - Volshell

Week 02_02 - Processes

Week 03_01 - Memory Internals

Week 03_02 - Malware Techniques

Week 04_01 - Malware Analysis

Week 04_02 - YARA

Week 04_02 - Event Logs

Week 05_01 - Services

Week 05_02 - Registry

Week 05_02 - Networking

Week 06_01 - Rootkits

Week 06_02 - More Rootkits

Week 06_02 - Stuxnet

Week 07_01 - GUI Part I

Week 07_02 - GUI Part II

Week 08 - Securing Your Lab

Week 08 - Disk Artifacts

Week 09 - Event Reconstruction

Week 10 - Timelining

Labs

Lab1

Lab2

Lab3

Lab4

Lab5