Malware and Memory Forensics Training in 2019!

We are excited to announce that in 2019 we will have 3 public offerings of our highly popular and newly updated Malware and Memory Forensics training course. If you would like to join us, our international course will be in London in September, and our US course will be back in Reston/Herndon, VA, during the week of April 8-12, and also in October. We will announce the specific weeks of the Fall courses soon.

Our cutting-edge materials are one of the main reasons students value our course. We don't teach the same concepts year after year. Instead, we update our class regularly to stay in sync with (and in some cases, ahead of) the rapidly changing attack surfaces, advances in defense technologies, malware hiding tricks, and operating system forensics artifacts. A few recent additions include:

• Updated memory analysis techniques for Windows 10 changes
• Challenges of recent hibernation file analysis
• Incorporating decompression of memory pages and paging files into analysis
• Expanded coverage of memory-only Powershell and .NET based attacks
• Scalable and automated memory acquisition of Linux systems
• Memory acquisition challenges from OS X Mojave systems

Not only only will you be learning these memory forensics topics directly from the authors of the Volatility Framework and the Art of Memory Forensics, but you will also receive Volatility stickers, a branded USB drive, a copy of the Art of Memory Forensics (digital or print), and various opportunities to win SyncStops - all nicely documented by a recent student:

Learned a ton, won some stuff, got free drinks. Had an excellent week attending @volatility training. 😊 pic.twitter.com/ZK4OioYCiz

— Sarah (@StarSlaughter) April 21, 2018

We also recently started providing students with a foldable copy of our popular cheat sheet:

Students of our @blackhatevents Digital Forensics & Incident Response class this week will be the first to receive the new foldable @volatility cheat sheets!

Thanks to @Volexity for putting these together! pic.twitter.com/hJ5HHfPy5z

— Andrew Case (@attrc) August 4, 2018

 One of the most popular class contests is our CTF that pits individuals (or teams of two) against the rest of the class, in a challenge that involves analyzing Windows and Linux memory samples in a scenario resembling events that unfolded during the 2016 U.S. Presidential Election.

Swag including coffee mugs, t shirts, and @volatility branded @SyncStop devices for our training CTF winners #dfir #memoryforensics pic.twitter.com/z5kKS4DTnf

— volatility (@volatility) April 20, 2018

To continue providing the most up-to-date memory forensics training available anywhere in the world, our instructors constantly perform high impact, real-world DFIR  (1, 2, 3, 4, 5, 6, 7). The knowledge gained during these investigation is immediately transitioned into content and labs for our training courses.

Besides the core knowledge needed to perform effective memory forensics, we also teach the latest tools and techniques for reliable memory acquisition. Students will gain experience using Volexity Surge Collect Pro for robust, fast, and secure collection of Windows, Linux, and OS X memory to local and remote/network-based destinations. Students can purchase Surge licenses at a discounted price during course registration (see Memory Forensics Training FAQ) or separately after the class.

In closing this update, we would again like to thank the DFIR community for its continued support of the Volatility project and our associated training course. It was great seeing and meeting so many users around the world this year, particularly at OSDFCon, Black Hat, DFRWS, BSidesNOLA, and in Amsterdam and Herndon.

-- The Volatility Team