I have been using the "File Viewer" in Encase for quite some time to view different files with third-party tools. In creating a training program for this I got to thinking how I can train a young team on how to use memory analysis tools with Encase.

I have been getting a lot of requests from agencies that have a young Incident Response (IR) team with little or no experience to incorporate memory analysis training in with the normal Encase training.

I like it because first off it is open source and I have found it to be very user friendly in identifying possible malware and being able to understand the results that are being retrieved from memory.

As a consultant for Guidance Software's Federal Sector I interact and train quite a few agencies on the deployment and use of Encase.

I have been conducting Incident Response investigations for a few years now and have always used Volatility as my tool of choice.

Memory Analysis has come a long way and it is imperative that a good Incident Responder realize the valuable information that can be obtained in analyzing memory.