Monday, March 18, 2013

Official Training by Volatility - Reston/VA, June 2013

The next journey to the center of Windows Memory Forensics starts in Reston, VA this June!

We are pleased to announce the 3rd public offering of the Windows Malware and Memory Forensics Training by The Volatility Project. This is the only memory forensics course officially designed, sponsored, and taught by the Volatility developers. One of the main reasons we made Volatility open-source is to encourage and facilitate a deeper understanding of how memory analysis works, where the evidence originates, and how to interpret the data collected by the framework's extensive set of plugins. Now you can learn about these benefits first hand from the developers of the most powerful, flexible, and innovative memory forensics tool.

Dates: Monday, June 10th through Friday, June 14th 2013
Location: Reston, VA (exact location will be shared upon registration)
Instructors: Michael Ligh (@iMHLv2), Andrew Case (@attrc), Jamie Levy (@gleeda)

For more information about the course, view the Volatility Training Flyer (to download a copy of the PDF, click File > Download). To request a link to the online registration site or to receive a detailed course agenda/outline, please send an email voltraining [at]

Curious what our past attendees have been saying about the class? Here are some testimonials:
"The knowledge of the instructors was more than a cut above those at a standard forensics training course." - Anonymous
"This is hands down the most relevant course I have taken in years. I would highly recommend it to any incident responder." - Jack Crook, Information Security Incident Handler
"It is by far the most advanced DFIR course that anyone can take. The course is an amazing value and contains undocumented information on memory analysis." - Wyatt Roersma, Infrastructure Security Engineer 
"Any good memory forensics course is going to teach volatility, so you might as well learn it from the leaders in the field." - Scott Plastine, Incident Response Analyst 
"I went from knowing next to nothing about memory forensics to feeling confident in my ability to identify malware in memory." - Anonymous
"The instructors are highly professional and well versed in memory analysis. This tool beats any other tool in this space." - Byron Thompson, End-Point Security

(New) Word of Caution

We heard that attackers have been circulating phish-like emails and advertising unofficial memory analysis training courses with Volatility. If you happen to see one, please retain a copy of the message and email headers for investigation. It should be fairly obvious - if the instructors are not among the individuals listed on the Volatility Team Page, then you run the risk of being overcharged and misinformed.

Friday, March 15, 2013

If You're Going to Cheat...

If you're going to cheat, might as well use an official cheat sheet!

Need some help navigating through all of Volatility's plugins and options? Want a birds-eye view of the framework's major capabilities for Windows operating systems? Not sure where to look or who to ask for more information on the project? This cheat sheet should solve all three of your problems, and then some.

Click on the image to the right to open the PDF cheat sheet.

Teaser: Registration for our next Windows Malware and Memory Forensics Training Course opens next week (Monday March 18th, 2013). Stay tuned for the announcement and details.