Name
From Dead Box to Live Memory: Breathing Context into Forensic Investigations
Speakers
Magnet Forensics Training Team
Description
Traditionally the domain of experienced forensic examiners, memory analysis can provide access to evidence you can’t obtain through “dead-box” forensics alone. In many cases, memory analysis may be the only way to obtain evidence critical to solving your investigation. Using cybercrime and cybersecurity incident response case studies, this lab will discuss how AXIOM’s integration of core plugins from the popular tool, Volatility, makes deep memory analysis more accessible to forensic examiners. In addition, learn how to incorporate memory artifacts into a broader timeline together with artifacts from other data sources for a well-rounded investigation.