SANS DFIR WebCast - Introduction to Windows Memory Analysis

Memory forensics has come a long way in just a few years. It can be extraordinarily effective at finding evidence of worms, rootkits, and advanced malware. While traditionally the sole domain of Windows internals experts, recent tools now make memory analysis feasible for anyone. Better interfaces, documentation, and built-in detection heuristics have greatly leveled the playing field. This talk will introduce some of the newest free tools available and give you a head start in adding this valuable skill to your security toolkit. Speaker Bio Chad Tilbury: Chad Tilbury has spent over ten years conducting incident response and forensic investigations. His extensive law enforcement and international experience stems from working with a broad cross-section of Fortune 500 corporations and government agencies around the world. During his service as a special agent with the Air Force Office of Special Investigations, he investigated a variety of computer crimes, including hacking, abduction, espionage, identity theft, and multi-million dollar fraud cases. He has led international forensic teams and was selected to provide computer forensic support to the United Nations Weapons Inspection Team. Chad has worked as a computer security engineer and forensic lead for a major defense contractor and more recently as the vice president of Worldwide Internet Enforcement for the Motion Picture Association of America. In that role, he managed Internet anti-piracy operations for the seven major Hollywood studios in over sixty countries. Chad is a graduate of the U.S. Air Force Academy and holds a BS and MS in computer science as well as GCFA, GCIH, and CISSP certifications. He is currently a consultant specializing in incident response, e-discovery, and computer forensics.