BelkaX-201 RAM Investigations Course

This course will provide students with the tools needed to analyze artifacts contained within random access memory acquired from live Windows-based systems.

The course details:

Language: English

Duration: 3 days

Formats: Onsite or online

The course is designed for:

  • Law enforcement
  • Military investigations
  • Private security

The course content

The Belkasoft X platform provides a comprehensive toolset for the examiner to locate artifacts from:

  • Running processes
  • Network connections and file shares
  • Internet browsers
  • Social media content

The Belkasoft Live RAM Capturer is used by many first responders and examiners worldwide for its ability to acquire volatile memory from 32-bit and 64-bit systems quickly and completely, including areas in RAM protected by actively running applications. Data that could potentially be recovered from these areas includes chat communications and webmail artifacts.

During instructor-led course activities and exercises, participants will acquire the ability to efficiently analyze digital artifacts acquired from RAM while utilizing Belkasoft X.

Modules

  1. Introduction (1 hour)
  2. Understanding Volatile Data (2 hours)
  3. Acquiring RAM (2.5 hours)
  4. Analysis of Windows-based RAM Artifacts (2.5 hours)
  5. Parsing Link Files (2.5 hours)
  6. Analysis of Internet-based RAM Artifacts (2.5 hours)
  7. Belkasoft X Reporting (1 hour)

Expertise

The Belkasoft course is based on over fifteen years of field experience from working with LE officers and CCU examiners worldwide.

The techniques taught in this course have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and mentors.
