Few incident responders dispute the importance of memory analysis in incident response. Not only is memory acquisition faster than acquiring the hard drives of multiple (even hundreds of) computers; it’s often the only source of evidence in an ongoing attack. Frequently, memory contains valuable traces of system activity even when the attacker takes steps to hide what they’re doing.
This webinar will delve into the processes and user sessions that produce data across multiple users and one malicious file. With an emphasis on system activity, you’ll learn about memory artifacts including running processes, registry hives and keys, and other data that can help you determine what’s happening—and how to stop it.