Difference between pages "Upcoming events" and "Memory analysis"

From ForensicsWiki
(Difference between pages)
(Calls For Papers)
 
(Volatility Labs)
 
Line 1: Line 1:
This is a BY DATE listing of upcoming conferences and training events relevant to [[digital forensics]].  It is not an all inclusive list, but includes most well-known activities.  Some events may duplicate events on the generic [[conferences]] page, but entries in this list have specific dates and locations for the upcoming event.
+
'''Memory Analysis''' is the science of using a [[Memory Imaging|memory image]] to determine information about running programs, the [[operating system]], and the overall state of a computer. Because the analysis is highly dependent on the operating system, it has been divded into the following pages:
  
This listing is divided into four sections (described as follows):<br>
+
* [[Windows Memory Analysis]]
<ol><li><b><u>Calls For Papers</u></b> - Calls for papers for either Journals or for Conferences, relevant to Digital Forensics (Name, Closing Date, URL)</li><br>
+
* [[Linux Memory Analysis]]
<li><b><u>Conferences</u></b> - Conferences relevant for Digital Forensics (Name, Date, Location, URL)</li><br>
+
<li><b><u>On-Going / Continuous Training</u></b> - Training opportunities that are either always available online/distance learning format or that are offered the same time every month (Name, date-if applicable, URL)</li><br>
+
<li><b><u>Scheduled Training Courses</u></b> - Training Classes/Courses that are scheduled for specific dates/locations.  This would include online (or distance learning format) courses which begin on specific dates, instead of the "start anytime" courses listed in the previous section. (Name, Date(s), Location(s), URL)<br></li></ol>
+
  
Events should be posted in the correct section, and in date order. When events begin the same day, events of a longer length should be listed first.  New postings of events with the same date(s) as other events should be added after events already in the list. If a provider offers the same event at several locations simultaneously, the listing should have a single entry in the list with the date(s) and all locations for the event.
+
== OS-Independent Analysis ==
  
<i>Some conferences or training opportunities may be <u>limited</u> to <b>Law Enforcement Only</b> or to a specific audience. Such restrictions are noted when known.</i>
+
At the IEEE Security and Privacy conference in May 2011, Brendan Dolan-Gavitt presented a novel system, [http://www.cc.gatech.edu/~brendan/Virtuoso_Oakland.pdf Virtuoso], that was able to perform operating-system independent memory analysis. Using virtual machine introspection accompanied by a number of formal program analysis techniques, his system was able to monitor the machine-level instructions and behavior of application actions (listing processes, network connections, etc) and then automatically generate Volatility plugins that replicated this analysis.
  
The Conference and Training List is provided by the American Academy of Forensic Sciences (AAFS) Digital and Multi-media Listserv. 
+
== Encryption Keys ==
<i> (Subscribe by sending an email to listserv@lists.mitre.org with message body containing SUBSCRIBE AAFS-DIGITAL-MULTIMEDIA-LIST)</i>
+
Requests for additions, deletions or corrections to this list may be sent by email to David Baker <i>(bakerd AT mitre.org)</i>.
+
  
== Calls For Papers ==
+
Various types of encryption keys can be extracted during memory analysis.
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
* [[AESKeyFinder]] extracts 128-bit and 256-bit [[AES]] keys and [[RSAKeyFinder]] and private and public [[RSA]] keys from a memory dump [http://citp.princeton.edu/memory/code/].
|- style="background:#bfbfbf; font-weight: bold"
+
* [http://jessekornblum.com/tools/volatility/cryptoscan.py cryptoscan.py], which is a [[List of Volatility Plugins|plugin for the Volatility framework]], scans a memory image for [[TrueCrypt]] passphrases
! Title
+
! Due Date
+
! Website
+
|-
+
|Digital Forensic Forum Prague 2007
+
|Aug 31, 2007
+
|http://www.dff-prague.com/News/article/sid=17.html
+
|-
+
|Techno-Security 2008
+
|May 8, 2008
+
|http://www.techsec.com/html/TechnoPapers.html
+
|-
+
|}
+
  
== Conferences ==
+
== See Also ==  
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
|- style="background:#bfbfbf; font-weight: bold"
+
! Title
+
! Date/Location
+
! Website
+
|-
+
|HTCIA 2007 International Training Conference & Exposition
+
|Aug 27-29, San Diego, CA
+
|http://www.htcia-sd.org/htcia2007.html
+
|-
+
|Recent Advances in Intrusion Detection (RAID) 2007
+
|Sep 05-07, Gold Coast, Queensland, Australia
+
|http://www.isi.qut.edu.au/events/conferences/raid07
+
|-
+
|14th International Conference on Image Analysis and Processing (ICIAP 2007)
+
|Sep 10-14, Modena, Italy
+
|http://www.iciap2007.org
+
|-
+
|3rd International Conference on IT-Incident Management & IT-Forensics
+
|Sep 11-12, Stuttgart, Germany
+
|http://www.imf-conference.org/
+
|-
+
|ForenSec Canada 2007
+
|Sep 17-18, Regina, Saskatchewan, Canada
+
|http://www.csiservices.ca/events.html#ForenSec
+
|-
+
|SANS Network Security
+
|Sep 22-30, Las Vegas, NV
+
|http://www.sans.org/ns2007/?portal=69456f95660ade45be29c00b0c14aea1
+
|-
+
|Black and White Ball
+
|Sep 25-28, London, UK
+
|http://www.theblackandwhiteball.co.uk/
+
|-
+
|Wisconsin Association of Computer Crimes Investigators/Forensic Association of Computer Technologists
+
|Sep 26-28, Milwaukee, WI
+
|http://www.byteoutofcrime.org
+
|-
+
|6th Annual Internet Crimes Against Children National Conference
+
|Oct 15-18, San Jose, CA
+
|http://www.icactraining.org/website/registration.html
+
|-
+
|BlackHat Japan - Briefings
+
|Oct 23-26, Tokyo, Japan
+
|http://www.blackhat.com/html/bh-japan-07/bh-jp-07-main.html
+
|-
+
|Global Conference on Economic and High-Tech Crime (NW3C Membership Required)
+
|Oct 24-26, Crystal City, VA
+
|https://conference.nw3c.org/index.cfm
+
|-
+
|European Network Forensic and Security Conference 2007
+
|Oct 24-26,  Zuyd University, Heerlen, Netherlands
+
|http://www.enfsc2007.com/
+
|-
+
|Techno-Forensics Conference
+
|Oct 29 - 31, Rockville, MD
+
|http://www.techsec.com/html/TechnoForensics2007.html
+
|-
+
|First Forensic Forum Conference (F3 Conference)
+
|Nov 3-5, Tortworth, England
+
|http://www.f3.org.uk/
+
|-
+
|DeepSec IDSC
+
|Nov 22-24, Vienna, Austria
+
|http://deepsec.net/
+
|-
+
|Digital Forensic Forum Prague 2007
+
|Nov 26-27, Prague, Czech Republic
+
|http://www.dff-prague.com/
+
|-
+
|PacSec Applied Security Conference
+
|Nov 29-30, Tokyo, Japan
+
|http://www.pacsec.jp/index.html
+
|-
+
|DoD Cyber Crime Conference 2008
+
|Jan 13-18, St. Louis, MO
+
|http://www.dodcybercrime.com/
+
|-
+
|AAFS Annual Meeting 2008
+
|Feb 18-23, Washington, DC
+
|http://aafs.org/default.asp?section_id=meetings&page_id=aafs_annual_meeting
+
|-
+
|CanSecWest Security Conference 2008
+
|Mar 19-21, Vanouver, BC, Canada
+
|http://cansecwest.com/
+
|-
+
|EuSecWest Security Conference 2008
+
|May 21-22, London, England
+
|http://eusecwest.com/
+
|-
+
|Techno-Security 2008
+
|Jun 01-04, Myrtle Beach, SC
+
|http://www.techsec.com/html/Techno2008.html
+
|-
+
|}
+
  
== On-going / Continuous Training ==
+
* [[Memory Imaging]]
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
* [[:Tools:Memory Imaging|Memory Imaging Tools]]
|- style="background:#bfbfbf; font-weight: bold"
+
* [[:Tools:Memory Analysis|Memory Analysis Tools]]
! Title
+
! Date/Location or Venue
+
! Website
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|Third weekend of every month -Fri, Sat, Sun, Mon, Dallas, TX
+
|http://www.md5group.com
+
|-
+
|Basic Computer Examiner Course
+
|Computer Forensic Training Online
+
|http://www.cftco.com
+
|-
+
|MaresWare Suite Training
+
|First full week every month, Atlanta, GA
+
|http://www.maresware.com/maresware/training/maresware.htm
+
|-
+
|Linux Data Forensics Training
+
|Distance Learning Format
+
|http://www.crazytrain.com/training.html
+
|-
+
|Evidence Recovery for Windows Vista&trade;
+
|First full week every month, Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for Windows Server&reg; 2003 R2
+
|Second full week every month, Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|Evidence Recovery for the Windows XP&trade; operating system
+
|Third full week every month, Brunswick, GA
+
|http://www.internetcrimes.net
+
|-
+
|SANS On-Demand Training
+
|Distance Learning Format
+
|http://www.sans.org/ondemand/?portal=69456f95660ade45be29c00b0c14aea1
+
|-
+
|}
+
  
== Scheduled Training Courses ==
+
== External Links ==
{| border="0" cellpadding="2" cellspacing="2" align="top"
+
=== Volatility Labs ===
|- style="background:#bfbfbf; font-weight: bold"
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-11-logon-sessions-processes-and.html MoVP 1.1 Logon Sessions, Processes, and Images]
! Title
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-12-window-stations-and-clipboard.html MoVP 1.2 Window Stations and Clipboard Malware]
! Date/Location
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-13-desktops-heaps-and-ransomware.html MoVP 1.3 Desktops, Heaps, and Ransomware]
! Website
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-14-average-coder-rootkit-bash.html MoVP 1.4 Average Coder Rootkit, Bash History, and Elevated Processes]
! Limitation
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-15-kbeast-rootkit-detecting-hidden.html MoVP 1.5 KBeast Rootkit, Detecting Hidden Modules, and sysfs]
|-
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-21-atoms-new-mutex-classes-and-dll.html MoVP 2.1 Atoms (The New Mutex), Classes and DLL Injection]
|EnCase v6 Computer Forensics II
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-22-malware-in-your-windows.html MoVP 2.2 Malware In Your Windows]
|Aug 21-24, Houston, TX
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-23-event-logs-and-service-sids.html MoVP 2.3 Event Logs and Service SIDs]
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-24-analyzing-jynx-rootkit-and.html MoVP 2.4 Analyzing the Jynx rootkit and LD_PRELOAD]
|-
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-25-investigating-in-memory-network.html MoVP 2.5: Investigating In-Memory Network Data with Volatility]
|EnCase v6 FIM/Mobile Use of EE Live Forensics
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-31-detecting-malware-hooks-in.html MoVP 3.1 Detecting Malware Hooks in the Windows GUI Subsystem]
|Aug 21-24, Melbourne, Australia
+
* [http://volatility-labs.blogspot.ch/2012/09/howto-scan-for-internet-cachehistory.html HowTo: Scan for Internet Cache/History and URLs]
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-32-shellbags-in-memory-setregtime.html MoVP 3.2 Shellbags in Memory, SetRegTime, and TrueCrypt Volumes]
|-
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-33-analyzing-user-handles-and.html MoVP 3.3 Analyzing USER Handles and the Win32k.sys Gahti]
|EnCase v6 NTFS
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-34-recovering-tagclipdata-whats-in.html MoVP 3.4: Recovering tagCLIPDATA: What's In Your Clipboard?]
|Aug 21-24, Washington DC
+
* [http://volatility-labs.blogspot.ch/2012/09/movp-35-analyzing-2008-dfrws-challenge.html MoVP 3.5: Analyzing the 2008 DFRWS Challenge with Volatility]
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
 
|-
+
=== Volatility Videos ===
|EnCase v6 Computer Forensics I
+
* [http://sketchymoose.blogspot.ch/2011/10/set-up-to-more-memory-forensics.html Set Up to More Memory Forensics!], October 2011
|Aug 21-24, Chicago, IL
+
* [http://www.youtube.com/watch?v=8HsZLge0wWc Using Volatility: Suspicious Process (1/2)]
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
* [http://www.youtube.com/watch?v=XTZPNk-Esok Using Volatility: Suspicious Process (Part 2/2)]
|-
+
 
|EnCase v6 Advanced Internet Examinations
+
[[Category:Memory Analysis]]
|Aug 21-24, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase Enterprise v6 - Phase II
+
|Aug 21-24, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|SARC Steganography Examiner Training
+
|Aug 24-25, San Diego, CA (HTCIA Conference 2007)
+
|http://www.sarc-wv.com/training.aspx
+
|-
+
|EnCase v6 Computer Forensics II
+
|Aug 28-31, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Aug 28-31, Singapore
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Aug 28-31, Savannah, Georgia
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Internet Examinations
+
|Aug 28-31, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I - Private Sector
+
|Aug 28-31, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Helix Live Forensics and Incident Response Course
+
|Aug 28-30, Tennessee Bureau of Investigations - Nashville, TN
+
|https://www.e-fense.com/register.php
+
|-
+
|Paraben Cellular/GPS Signal Analysis
+
|Aug 30-31, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|SMART for Linux
+
|Sep 03-06, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Paraben Handheld Forensic Course
+
|Sep 04-07, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|EnCase v6 Computer Forensics II – Private Sector
+
|Sep 04-07, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Sep 04-07, Melbourne, Australia and United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 FIM/Mobile Use of EE Live Forensics
+
|Sep 04-07, The Netherlands
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II
+
|Sep 04-07, Austin, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData BootCamp
+
|Sep 04-06, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|September 7, 8, 9, 10 in New York City, NY
+
|http://www.md5group.com
+
|-
+
|Paraben E-Discovery: E-mail & Mobile E-mail Devices
+
|Sep 10-14, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|Paraben Advanced Cell Phone Forensics
+
|Sep 10-12, San Diego, CA
+
|http://www.paraben-training.com/
+
|-
+
|EnCase v6 Computer Forensics II
+
|Sep 11-14, United Kingdom and Singapore
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Sep 11-14, Houston, TX and Washington, DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase Enterprise v6 - Phase I
+
|Sep 11-14, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I - Private Sector
+
|Sep 11-14, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|First Responder to Digital Evidence Program (FRDE)
+
|Sep 11-13, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|AccessData Applied Decryption
+
|Sep 11-13, Dallas, TX
+
|http://www.accessdata.com/training
+
|-
+
|Paraben Advanced SIM Card Forensics
+
|Sep 13-14, San Diego, CA
+
|http://www.paraben-training.com/
+
|-
+
|Paraben Network Incident Response
+
|Sep 17-21, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|Enterprise Data Forensics
+
|Sep 17-19, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|EnCase v6 Computer Forensics II – Private Sector
+
|Sep 18-21, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II
+
|Sep 18-21, Houston, TX and Leipzig, Germany
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Computer Forensics
+
|Sep 18-21, Sydney, Australia and United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Sep 18-21, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Paraben Cellular/GPS Signal Analysis
+
|Sep 20-21, San Diego, CA
+
|http://www.paraben-training.com/
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|September 21, 22, 23, 24 in Dallas, TX
+
|http://www.md5group.com
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|September 21, 22, 23, 24 in Pittsburgh, PA
+
|http://www.md5group.com
+
|-
+
|Internet Investigations Training Program (IITP)
+
|Sep 24-28, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|Macintosh Forensic Survival Course
+
|Sep 24-28, Santa Ana, CA
+
|http://www.phoenixdatagroup.com/cart/index.php
+
|-
+
|BlackBag Introductory MacIntosh Forensics
+
|Sep 24-28, Richmond, VA
+
|http://www.blackbagtech.com/products/training.htm
+
|Limited to Law Enforcement
+
|-
+
|Paraben Advanced Cell Phone Forensics
+
|Sep 24-26, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|Introduction to Cyber Crime
+
|Sep 24-26, Jackson, Mississippi
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|EnCase v6 FIM/Mobile Use of EE Live Forensics
+
|Sep 25-28, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I - Private Sector
+
|Sep 25-28, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Computer Forensics
+
|Sep 25-28, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II
+
|Sep 25-28, Toronto, Ontario, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData Applied Decryption
+
|Sep 25-27, Chicago, IL
+
|http://www.accessdata.com/training
+
|-
+
|AccessData BootCamp
+
|Sep 25-27, Solna, SE
+
|http://www.accessdata.com/training
+
|-
+
|Forensics Tools and Techniques
+
|Sep 26-28, Jackson, Mississippi
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|Paraben Advanced SIM Card Forensics
+
|Sep 27-28, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|SMART for Linux
+
|Oct 01-04, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Paraben Wireless Forensics
+
|Oct 01-03, San Diego, CA
+
|http://www.paraben-training.com/
+
|-
+
|EnCase v6 Computer Forensics I - Private Sector
+
|Oct 02-05, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 FIM/Mobile Use of EE Live Forensics
+
|Oct 02-05, Los Angeles, CA, Washington, DC and Perth, Australia
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II – Private Sector
+
|Oct 02-05, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Oct 02-05, The Netherlands
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 EnScript Programming - Phase II
+
|Oct 02-05, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Internet Examinations
+
|Oct 02-05, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Paraben Cellular/GPS Signal Analysis
+
|Oct 04-05, Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|October 5, 6, 7, 8 in Denver, CO
+
|http://www.md5group.com
+
|-
+
|Paraben Handheld Forensic Course
+
|Oct 8-11, San Diego, CA and Potomac Falls, VA
+
|http://www.paraben-training.com/
+
|-
+
|SMART Windows Data Forensics
+
|Oct 08-10, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|EnCase v6 Network Intrusion Investigations - Phase I
+
|Oct 09-12, Los Angeles, CA and The Netherlands
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 FIM/Mobile Use of EE Live Forensics
+
|Oct 09-12, Sydney, Australia
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Oct 09-12, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Internet Examinations
+
|Oct 09-12, Washington, DC and United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Computer Forensics
+
|Oct 09-12, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II – Private Sector
+
|Oct 09-12, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Digital Evidence Acquisition Specialist Training Program (DEASTP)
+
|Oct 15-26, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|BlackBag Introductory MacIntosh Forensics
+
|Oct 15-19, Tacoma, WA
+
|http://www.blackbagtech.com/products/training.htm
+
|-
+
|Paraben E-Discovery: E-mail & Mobile E-mail Devices
+
|Oct 15-19, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|EnCase v6 Network Intrusion Investigations - Phase II
+
|Oct 15-18, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Paraben Advanced Cell Phone Forensics
+
|Oct 15-17, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|EnCase v6 Computer Forensics I - Private Sector
+
|Oct 16-19, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Network Intrusion Investigations - Phase I
+
|Oct 16-19, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II
+
|Oct 16-19, Washington DC and Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Computer Forensics
+
|Oct 16-19, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase Enterprise v6 - Phase II
+
|Oct 16-19, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Network Intrusion Investigations - Phase II
+
|Oct 16-19, The Netherlands
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Internet Examinations
+
|Oct 16-19, Austin, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 EnScript Programming - Phase I
+
|Oct 16-19, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Paraben Advanced SIM Card Forensics
+
|Oct 18-19, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|Computer Forensics Training and CCE&trade; Testing for Litigation Support Professionals
+
|October 12, 13, 14, 15 in Dallas, TX
+
|http://www.md5group.com
+
|-
+
|X-Ways Forensics
+
|Oct 22-24, Hong Kong
+
|http://www.x-ways.net/training/hong_kong.html
+
|-
+
|EnCase v6 Computer Forensics II
+
|Oct 23-26, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Internet Examinations
+
|Oct 23-26, Canberra, Australia
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I - Private Sector
+
|Oct 23-26, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Oct 23-26, Los Angeles, CA and Singapore
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase eDiscovery with v6
+
|Oct 23-26, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II – Private Sector
+
|Oct 23-26, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|File Systems Revealed
+
|Oct 25-26, Hong Kong
+
|http://www.x-ways.net/training/hong_kong.html
+
|-
+
|SARC Steganography Examiner Training
+
|Oct 26 - 27, Gaithersburg, MD (Techno Forensics Conference 2007)
+
|http://www.sarc-wv.com/training.aspx
+
|-
+
|Seized Computer Evidence Recovery Specialist (SCERS)
+
|Oct 29-Nov 9, FLETC, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation/
+
|Limited to Law Enforcement
+
|-
+
|Search and Seizure of Computers and Electronic Evidence
+
|Oct 29-30, Oxford, MS
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|EnCase v6 Computer Forensics II
+
|Oct 30-Nov 02, Los Angeles, CA and The Netherlands
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Computer Forensics
+
|Oct 30-Nov 02, Washington DC and Toronto, Ontario, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I - Private Sector
+
|Oct 30-Nov 02, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Network Intrusion Investigations - Phase I
+
|Oct 30-Nov 02, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase Enterprise v6 - Phase I
+
|Oct 30-Nov 02, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II – Private Sector
+
|Oct 30-Nov 02, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Paraben Handheld Forensic Course
+
|Nov 05-08, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|SMART for Linux
+
|Nov 05-08, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|EnCase v6 Network Intrusion Investigations - Phase II
+
|Nov 05-08, Chicago, IL
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase Enterprise v6 - Phase II
+
|Nov 05-08, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Introduction to Cyber Crime
+
|Nov 05-07, Jackson, Mississippi
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|EnCase v6 Computer Forensics II – Private Sector
+
|Nov 06-09, United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Computer Forensics
+
|Nov 06-09, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 NTFS
+
|Nov 06-09, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II
+
|Nov 06-09, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData BootCamp
+
|Nov 06-08, Austin, TX
+
|http://www.accessdata.com/training
+
|-
+
|AccessData Windows Forensics
+
|Nov 06-08, Solna, Sweden
+
|http://www.accessdata.com/training
+
|-
+
|Forensics Tools and Techniques
+
|Nov 07-09, Jackson, Mississippi
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|SMART Linux Data Forensics
+
|Nov 12-14, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|EnCase v6 Computer Forensics I - Private Sector
+
|Nov 13-16, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Computer Forensics
+
|Nov 13-16, The Netherlands and United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Nov 13-16, Sydney, Australia and Singapore
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Internet Examinations
+
|Nov 13-16, Chicago, IL and Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II
+
|Nov 13-16, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData BootCamp
+
|Nov 13-15, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|EnCase v6 Computer Forensics II
+
|Nov 20-23, Toronto, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 FIM/Mobile Use of EE Live Forensics
+
|Nov 20-23, Vancouver, BC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 NTFS
+
|Nov 27-30, Vancouver, BC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Network Intrusion Investigations - Phase I
+
|Nov 27-30, Sydney, Australia
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II – Private Sector
+
|Nov 27-30, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics I
+
|Nov 27-30, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase eDiscovery with v6
+
|Nov 27-30, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Computer Network Investigation Training Program (CNITP)
+
|Dec 03-14, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|Internet Investigations Training Program (IITP)
+
|Dec 03-07, Glynco, GA
+
|http://www.fletc.gov/training/programs/computer-financial-investigations/technology-investigation
+
|Limited to Law Enforcement
+
|-
+
|SMART for Linux
+
|Dec 03-06, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|Introduction to Cyber Crime
+
|Dec 03-05, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|EnCase v6 Computer Forensics I
+
|Dec 04-07, Chicago, IL; Los Angeles, CA; Houston, TX; and United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Network Intrusion Investigations - Phase I
+
|Dec 04-07, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Computer Forensics II
+
|Dec 04-07, Washington DC, Leipzig, Germany and Toronto, Ontario, Canada
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Internet Examinations
+
|Dec 04-07, Vancouver, BC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|AccessData Internet Forensics
+
|Dec 04-06 , Solna, Sweden
+
|http://www.accessdata.com/training
+
|-
+
|Forensics Tools and Techniques
+
|Dec 05-07, Mississippi State University
+
|http://www.security.cse.msstate.edu/ftc/schedule.php
+
|Limited to Law Enforcement
+
|-
+
|EnCase v6 Network Intrusion Investigations - Phase II
+
|Dec 10-13, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Enterprise Data Forensics
+
|Dec 10-12, Austin, TX
+
|http://asrdata.com/training/training2.html
+
|-
+
|EnCase v6 Computer Forensics II
+
|Dec 11-14, Chicago, IL; Houston, TX; Los Angeles, CA; United Kingdom; and Melbourne, Australia
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Computer Forensics
+
|Dec 11-14, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Computer Forensics
+
|Dec 17-20, Chicago, IL and Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 FIM/Mobile Use of EE Live Forensics
+
|Dec 17-20, Washington DC
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 Advanced Internet Examinations
+
|Dec 17-20, Washington, DC and United Kingdom
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|EnCase v6 NTFS
+
|Dec 17-20, Los Angeles, CA
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Paraben Advanced Cell Phone Forensics
+
|Dec 17-19, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|EnCase v6 Computer Forensics II – Private Sector
+
|Dec 18-21, Houston, TX
+
|http://www.guidancesoftware.com/training/course_schedule.aspx
+
|-
+
|Paraben Advanced SIM Card Forensics
+
|Dec 20-21, Mississauga, Ontario, Canada
+
|http://www.paraben-training.com/
+
|-
+
|}
+
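Review bot: In the added Encryption Keys list, the AESKeyFinder item reads "keys and [[RSAKeyFinder]] and private and public [[RSA]] keys", which leaves the second tool without a verb, so it is unclear which tool recovers which key type. Suggest "and [[RSAKeyFinder]] extracts private and public [[RSA]] keys". The added intro sentence also misspells "divided" as "divded".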

Revision as of 01:21, 29 September 2012

Memory Analysis is the science of using a memory image to determine information about running programs, the operating system, and the overall state of a computer. Because the analysis is highly dependent on the operating system, it has been divided into the following pages:

OS-Independent Analysis

At the IEEE Security and Privacy conference in May 2011, Brendan Dolan-Gavitt presented a novel system, Virtuoso, that was able to perform operating-system independent memory analysis. Using virtual machine introspection accompanied by a number of formal program analysis techniques, his system was able to monitor the machine-level instructions and behavior of application actions (listing processes, network connections, etc) and then automatically generate Volatility plugins that replicated this analysis.

Encryption Keys

Various types of encryption keys can be extracted during memory analysis.

See Also

External Links

Volatility Labs

Volatility Videos