- March 9-13, San Diego, CA
- April 20-24, Herndon, VA
- September 21-25, Amsterdam, NL
- October 19-23, Herndon, VA [Date revised from original announcement]
Our incident-driven, cutting-edge material is one of the main reasons students value our course. We don't teach the same concepts year after year. Instead, we update our class regularly to stay in sync with (and in some cases, ahead of) rapidly changing attack surfaces, advances in defense technologies, malware hiding tricks, and operating system forensics artifacts. A few recent additions include:
- Updated memory analysis techniques for ongoing Windows 10 changes
- Analysis of "stealthy" mechanisms to hide memory-only code
- Automatic comparisons of live forensics data to memory forensics data for detection of malware
- Scalable and automated memory acquisition of Linux systems
- Memory acquisition challenges from OS X Catalina systems
An awesome training class from @volatility. Lived up to every great review I've read. — Brian Baskin (@bbaskin) October 18, 2019
Kudos to @attrc and @iMHLv2 pic.twitter.com/xcf4eXfHQT
One of the most popular class contests is our CTF that pits individuals (or teams of two) against the rest of the class, in a challenge that involves analyzing Windows and Linux memory samples in a scenario resembling events that unfolded during the 2016 U.S. Presidential Election.
Learned a ton, won some stuff, got free drinks. Had an excellent week attending @volatility training. 😊 pic.twitter.com/ZK4OioYCiz — Sarah (@StarSlaughter) April 21, 2018
Swag including coffee mugs, t shirts, and @volatility branded @SyncStop devices for our training CTF winners #dfir #memoryforensics pic.twitter.com/z5kKS4DTnf — volatility (@volatility) April 20, 2018
To continue providing the most up-to-date memory forensics training available anywhere in the world, our instructors constantly perform high-impact, real-world DFIR (1, 2, 3, 4, 5, 6, 7, 8, 9). The knowledge gained during these investigations is immediately transitioned into content and labs for our training courses.
Besides the core knowledge needed to perform effective memory forensics, we also teach the latest tools and techniques for reliable memory acquisition. Students will gain experience using Volexity Surge Collect Pro for robust, fast, and secure collection of Windows, Linux, and OS X memory to local and remote/network-based destinations. Students can purchase Surge licenses at a discounted price during course registration (see Memory Forensics Training FAQ) or separately after the class.
In closing this update, we would again like to thank the DFIR community for its continued support of the Volatility project, including the recent warm reception at OSDFCon 2019. It was great seeing and meeting so many users around the world this year, particularly at OSDFCon, Black Hat, DFRWS, BSidesNOLA, BSidesAustin, BSidesLV, and in Herndon and London.
-- The Volatility Team