ANT4001

Digital Forensics of RAM

Duration of training: 5 days


course description

This course covers the processes, techniques, and tools for conducting forensic investigations of digital data in RAM. It also covers how to organize digital forensics processes and how to integrate them into the overall corporate cyber security architecture.

course audience

Engineers handling cyber security incidents; Digital forensics engineers.

prerequisites

Knowledge of operating systems architecture and operation at the ANT-OW101 and OL101 course levels, knowledge of cyber security incident handling processes at the ANT0401 course level, and knowledge of digital forensics at the ANT0402 and ANT0403 course levels are required.

how education works

online course

The online course involves group classes with an instructor via video conferencing, as well as homework and an exam.

for corporate clients

Training for corporate clients includes online and self-study courses, as well as additional services required by corporate clients: organizing training plans for client departments, assessing the effectiveness of training, etc.

course program

• Classification of cyber-attacks.
• Stages of a cyber-attack.
• Artefacts of cyber-attacks and their correlation.
• Process of conducting forensic investigations.
• Digital forensics tools.
• Methodology of handling cyber security incidents.
• Reconstructing the chronology of a cyber-attack.
• Generating and analyzing indicators of compromise in digital systems.
• Methods of retrieving information from RAM.
• Methods of retrieving information from processor registers and cache.
• Basic methods of analyzing RAM dumps.
• Objects and resource pools.
• Processes and their components.
• Searching for malware and its artefacts.
• Analyzing registry data.
• Logs and events.
• Network subsystem artefacts.
• Windows services.
• Kernel data and rootkit searches.
• Analyzing GUI subsystem data.
• User actions and application artefacts.
• Artefacts of auxiliary system processes.
• Reconstructing the chronology of a cyber-attack.
• Processes and their components.
• Finding malware and its artefacts.
• Logs and events.
• Network subsystem artefacts.
• Kernel data and rootkit searches.
• User actions and application artefacts.
• Artefacts of auxiliary system processes.
• Reconstructing the chronology of a cyber-attack.
• Processes and their components.
• Finding malware and its artefacts.
• Logs and events.
• Network subsystem artefacts.
• Kernel data and rootkit searches.
• User actions and application artefacts.
• Artefacts of auxiliary system processes.
• Reconstructing the chronology of a cyber-attack.
• Corporate cyber security architecture.
• Monitoring cyber security events and incidents.
• Responding to cyber security events and incidents.
• Organizing digital forensics processes.
• Embedding digital forensics processes into corporate cyber security processes.

Course purchase options

individual

Cost — $1,550.00

Group online classes

Unlimited access to all the materials

Live webinars with teachers

Homework

Exam with certificate

To confirm course dates, fill out the form.


corporate

Cost from $1,550.00

To obtain information about the final cost and clarify the date of the course, please fill out the form.
