Thursday 26 February 2009

Practitioner's Guide to Capturing and Analysis of RAM


Dale Beauchamp - DojoSec January 2009 from Marcus Carey on Vimeo.

Dale Beauchamp, from the Department of Homeland Security (TSA), gave an interesting presentation at DojoSec on January 8th. He presents memory analysis from a practitioner's point of view, which is extremely useful for the community to hear. In his presentation, he described Volatility as “The best tool for going into memory” and explained how, using Volatility, a person could “solve a case in 10 minutes”. Dale also describes a batch script he wrote for running Volatility commands and Gleeda’s vol2html.
