25.8.20

Malware Detection and Triage with Volatility 3

Memory forensics—the analysis of volatile memory (RAM)—is an extremely powerful technique for detecting and triaging modern malware. Memory forensics is often a critical component of modern incident response due to the frequent use of memory-only payloads and rootkits that bypass modern EDRs, hide from live analysis tools, and often leave no file system artifacts. Memory analysis reconstructs system state without relying on operating system APIs, allowing it to both detect modern malware and provide automated triage results. In this course, a mix of lectures and hands-on labs provides students with the knowledge and experience necessary to perform real-world incident response using memory analysis for detection and hunting of sophisticated malware on Windows 10+ systems. The course is taught by two core developers of Volatility 3, the exciting new version of the world's most widely used memory analysis framework, and provides early access to upcoming capabilities.

Skills / Knowledge

  • Forensics
  • Malware