
Abstract

Agenda -
# How to start Volatility - hands-on: get your system ready
# Profiles (default) - talk/demo
# Plugins (default) - talk/demo
# Methods of acquiring memory dumps - talk/demo
# Dumping live memory of a VM - talk/demo
# Working on memory dump samples - hands-on
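The agenda items above are the stages of one Volatility 2.x session: pick a profile for the dump, then run plugins against it. The script below is an added example, not the workshop's or the speaker's material. It assumes Volatility 2.4 is installed as vol.py, uses a placeholder dump path (memdump.raw), and embeds a constructed sample of imageinfo output so the profile-selection step can be exercised without a real dump.

```shell
#!/bin/sh
# Added example (not part of the workshop material): minimal Volatility 2.x
# workflow. Assumptions: Volatility 2.4 installed as vol.py on PATH; the
# dump file name is a placeholder.

# Constructed sample of what `vol.py -f <dump> imageinfo` prints in the 2.4
# output format; used only so first_profile can run without a real dump.
SAMPLE_IMAGEINFO='Volatility Foundation Volatility Framework 2.4
Determining profile based on KDBG search...
          Suggested Profile(s) : Win7SP1x64, Win7SP0x64, Win2008R2SP0x64, Win2008R2SP1x64
                     AS Layer1 : AMD64PagedMemory (Kernel AS)
                     AS Layer2 : FileAddressSpace (/cases/memdump.raw)
                      PAE type : No PAE
                           DTB : 0x187000L'

# first_profile: print the first entry on the "Suggested Profile(s)" line of
# imageinfo output (empty string if there is none). Volatility lists the best
# match first; confirm with kdbgscan if plugins later return nothing.
first_profile() {
    printf '%s\n' "$1" \
      | sed -n 's/.*Suggested Profile(s) : *//p' \
      | cut -d, -f1 \
      | tr -d ' '
}

# vol_cmd: build the vol.py command line for one plugin.
# usage: vol_cmd <dump> <profile> <plugin> [plugin args...]
vol_cmd() {
    dump=$1; profile=$2; plugin=$3; shift 3
    if [ $# -gt 0 ]; then
        printf 'vol.py -f %s --profile=%s %s %s\n' "$dump" "$profile" "$plugin" "$*"
    else
        printf 'vol.py -f %s --profile=%s %s\n' "$dump" "$profile" "$plugin"
    fi
}

# run_triage: identify the profile from the real imageinfo output, then run a
# standard set of plugins. Only works where vol.py is actually installed.
run_triage() {
    dump=$1
    if ! command -v vol.py >/dev/null 2>&1; then
        echo "vol.py not found; install Volatility 2.4 first" >&2
        return 1
    fi
    profile=$(first_profile "$(vol.py -f "$dump" imageinfo 2>/dev/null)")
    if [ -z "$profile" ]; then
        echo "imageinfo suggested no profile; try: vol.py -f $dump kdbgscan" >&2
        return 1
    fi
    for plugin in pslist pstree netscan malfind; do
        echo "== $(vol_cmd "$dump" "$profile" "$plugin")"
        vol.py -f "$dump" --profile="$profile" "$plugin"
    done
}

# Run against a real dump only when a path is given, e.g.: sh vol_session.sh memdump.raw
if [ $# -gt 0 ]; then
    run_triage "$1"
fi
```

For the "dump live memory of a VM" item, the same session works on hypervisor-produced files: VirtualBox writes an ELF core with `VBoxManage debugvm "<vmname>" dumpvmcore --filename=vm.elf`, and a suspended VMware guest leaves a .vmem (with its .vmss/.vmsn); Volatility 2.4 reads both formats directly, so no conversion step is needed before imageinfo.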

Prerequisites -
Your own laptop or a computer with full (administrator/root) access. Avoid company-provided laptops with restricted access.
Basic knowledge of the Linux/Windows command line.
Basic knowledge of networking, computer memory and operating systems.

Hardware & Software Requirement -
A laptop with an operating system that can run Volatility and at least 5 GB of free disk space. Ideally, have Volatility installed and working before the session.
Installation (expected version 2.4)
1. Instructions and download links are available at http://www.volatilityfoundation.org/#!24/c12wa
OR
2. Use Kali Linux as a virtual machine or as a live boot.

Links - https://code.google.com/p/volatility/

What to Expect?
1. Basics of volatility
2. How to fetch information from memory using volatility and plugins
3. Profiles
4. Hands on with volatility

What NOT to Expect?
1. Advanced memory forensics
2. Advanced malware hunting
3. Deep dive into memory
4. Detailed troubleshooting of installation problems.

Speaker

Rajesh

Rajesh A. works as a Sr. Security Analyst at IBM India Pvt. Ltd. He has 10+ years of experience in the information security domain, most of it in VAPT. He has been associated with Bangalore NULL for more than 5 years. Interested in sharing knowledge, learning forensics and mobile security. Likes riding bicycles and motorcycles, nature, rivers, etc.

Timing

Starts on Saturday, February 28, 2015 at 02:30 PM. The session runs for about 4 hours.

Resources