Today's malware authors use advanced techniques to keep their malware stealthy, and much of it remains 'unknown' to traditional detection tools for long periods of time. Malware families such as Zeus, SpyEye and Bolware were able to bypass security controls and infect thousands of machines. Automated memory forensics is one technique that can help detect such advanced malware. This training introduces students to working with Volatility and to automating the output of its commonly used commands. Students will also learn how that output can be visualized in R and how to apply statistical analysis to it to detect anomalies. A good understanding of Windows memory internals is beneficial.
What You Will Learn:
- Hands-on malware analysis using Volatility
- How to customise Volatility code
- How to get started with R
- How to visualize Volatility output in R
- How to script in R to help automate memory analysis
- Strategies for detecting advanced malware using R's statistical analysis capabilities
- How to perform large-scale memory analysis across thousands of machines simultaneously and detect anomalies
This course is for intermediate to advanced malware analysts, forensic experts, information security professionals, or others requiring an understanding of how to perform automated memory forensics.
You will need to bring a laptop that can run two VMs with ease. Please do not bring netbooks.
- VMware Player / Workstation / Fusion
- At least 40 GB HD free
- At least 4 GB of RAM
- USB 2.0 support or better
- Patience and a will to suffer
Students will be provided with virtual machines for use in the class.