Articles

Memory Analysis Examinations - How to configure your examination machine - Andy Smith - www.memoryanalysis.com

A short guide to installing some of the common memory analysis tools. It also provides hints on installing the Python libraries needed by Volatility plugins without the need for a gcc compiler.



Windows_Memory_Forensics_with_Volatility - Andreas Schuster - http://computer.forensikblog.de/en

Andreas Schuster's slides from the training he provided at FIRST 2009. The slides cover the fundamentals of memory management on the Microsoft Windows platform, the use of Volatility to uncover malicious system activity, and how to write your first simple plug-in during the course.


 

 




   
E5h Forensic Solutions
1 Princess Drive, Sawston, Cambridgeshire, CB22 3DL 08709741131 email memory@e5hforensics.com