SANS New Orleans Training to Address the Urgent Need for Incident Response Teams to Strengthen their In-House Memory Forensic Capabilities

  • Bethesda, MD
  • November 7, 2016

SANS Institute, the global leader in information security training, today announced it will address the urgent need for incident response (IR) teams to focus investigative efforts on system memory at the SANS Security East 2017 training event in New Orleans, January 9 – 14. The FOR526: Memory Forensics In-Depth course will arm IR and digital forensic (DF) professionals with the advanced investigative methods to find evidence in volatile memory even in the newest OS versions such as Windows 10.

According to the co-author and instructor of FOR526, Alissa Torres, “Windows 10 adoption is steadily increasing. As the prevalence of Windows 10 continues to grow, investigators will soon be diving into unknown territory, encountering new applications and forensic artifacts. To effectively and efficiently spot malicious code, responders must know what normal now looks (and acts) like. It is time to focus on “re-education” and development of the skills needed to perform Windows 10 live system memory triage, acquisition and analysis.” Join Alissa Torres in New Orleans where she will discuss the new challenges in the world of forensics and how to spot modern malware.

The FOR526: Memory Forensics In-Depth course provides the critical skills necessary for DF examiners and incident responders to successfully perform live system memory triage and analyze captured memory images. The course uses the most effective freeware and open-source tools in the industry today and provides an in-depth understanding of how these tools work. FOR526 is a critical course for any serious DFIR investigator who wants to tackle advanced forensics, trusted insider, and incident response cases.

To aid in rapid proficiency, students in the FOR526 course will participate in newly-added intensive hands-on memory forensic challenges. These challenges incorporate the SANS NetWars scoring server and are designed to help students test and hone their memory analysis skills.

For a complete list of courses offered at SANS Security East 2017, bonus evening discussions or to register, please visit: