Session Type
Lab
Name
Taking the First Steps into Windows Memory Forensics
Speakers
Tarah Melton | Magnet Forensics
Lynita Hinsch | Magnet Forensics
Description

RAM is the gatekeeper to the operating system, and memory analysis is quickly becoming an integral part of every malware and incident response investigation. Windows memory can contain an abundance of artifacts and data that can't be found elsewhere in a forensic image, including plaintext passwords, exited process lists, and more. In this session, we'll dive into industry-proven best practices that will provide analysts with the tools and know-how to begin analyzing Windows memory samples. If your lab isn't conducting memory analysis, this is how to start. We will then focus on how you can benefit from memory analysis with Magnet AXIOM, using its artifacts-first approach and Volatility integration. You will see how using AXIOM to analyze memory alongside other evidence sources can save you time and add value to your examinations.

The topics we will cover are: 
- What tools are available  
- Where to obtain open-source tools
- How to install and configure the tools 
- How to develop an analysis process 
- How to run the tools 
- How to interpret the results 

If you would like to apply for a CPE credit for attending this lab session, Magnet Forensics will issue a certificate of attendance after the completion of the conference. In order to qualify for this certificate, you must validate your attendance by checking in and checking out of the session on-site.