{"id":2209,"date":"2020-03-18T10:04:22","date_gmt":"2020-03-18T10:04:22","guid":{"rendered":"https:\/\/isf.tvz.hr\/?p=2209"},"modified":"2020-04-07T18:05:53","modified_gmt":"2020-04-07T18:05:53","slug":"memory-forensics","status":"publish","type":"post","link":"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/","title":{"rendered":"Memory Forensics"},"content":{"rendered":"<div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\"  style='background-color: rgba(255,255,255,0);background-position: center center;background-repeat: no-repeat;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px;'><div class=\"fusion-builder-row fusion-row \"><div  class=\"fusion-layout-column fusion_builder_column fusion_builder_column_1_3 fusion-builder-column-0 fusion-one-third fusion-column-first 1_3\"  style='margin-top:10px;margin-bottom:10px;width:33.33%;width:calc(33.33% - ( ( 4% ) * 0.3333 ) );margin-right: 4%;'><div class=\"fusion-column-wrapper\" style=\"padding: 0px 0px 0px 0px;background-position:left top;background-repeat:no-repeat;-webkit-background-size:cover;-moz-background-size:cover;-o-background-size:cover;background-size:cover;\"   data-bg-url=\"\"><span class=\"fusion-imageframe imageframe-none imageframe-1 hover-type-none\"><img loading=\"lazy\" src=\"https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/covjek_stoji_450.jpg\" data-orig-src=\"https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/covjek_stoji_450.jpg\" width=\"450\" height=\"686\" alt=\"\" title=\"covjek_stoji_450\" class=\"lazyload img-responsive wp-image-2264\" srcset=\"data:image\/svg+xml,%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%27%20width%3D%27450%27%20height%3D%27686%27%20viewBox%3D%270%200%20450%20686%27%3E%3Crect%20width%3D%27450%27%20height%3D%273686%27%20fill-opacity%3D%220%22%2F%3E%3C%2Fsvg%3E\" 
data-srcset=\"https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/covjek_stoji_450-200x305.jpg 200w, https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/covjek_stoji_450-400x610.jpg 400w, https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/covjek_stoji_450.jpg 450w\" data-sizes=\"auto\" data-orig-sizes=\"(max-width: 1000px) 100vw, 450px\" \/><\/span><div class=\"fusion-clearfix\"><\/div><\/div><\/div><div  class=\"fusion-layout-column fusion_builder_column fusion_builder_column_2_3 fusion-builder-column-1 fusion-two-third fusion-column-last 2_3\"  style='margin-top:10px;margin-bottom:10px;width:66.66%;width:calc(66.66% - ( ( 4% ) * 0.6666 ) );'><div class=\"fusion-column-wrapper\" style=\"padding: 0px 0px 0px 0px;background-position:left top;background-repeat:no-repeat;-webkit-background-size:cover;-moz-background-size:cover;-o-background-size:cover;background-size:cover;\"   data-bg-url=\"\"><style type=\"text\/css\"><\/style><div class=\"fusion-title title fusion-title-1 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"margin-top:0px;margin-bottom:30px;\"><h3 class=\"title-heading-left\" style=\"margin:0;color:#d20000;\">Semester 3 \/ ECTS Credits: 5 ECTS<\/h3><\/div><div class=\"fusion-text\"><h3>Course Description:<\/h3>\n<p>This class lays the foundation for live data capture and analysis, and for RAM analysis as one of the best types of live data evidence. Traditionally, most forensic standard operating procedures have led us to \u201cpull the plug\u201d on a working machine to preserve the evidence. In the past few years this procedure has very slowly transitioned into an \u201cif it\u2019s running, it depends\u201d methodology. This \u201cit depends\u201d has been taken from the mobile forensics world, where a \u201cturn it off\u201d procedure has been impossible for quite some time: to get any data, forensic investigators must turn on the device and therefore change the original evidence. 
In today\u2019s modern world everything is constantly running, so we actually cannot just pull the plug on most computers and IT equipment, and we must grab data in its live form. The process of imaging a live machine and obtaining a copy of data from a live system has not been an issue, but the analysis of what has been obtained, especially memory, is. This class will go over some of the methodology for obtaining live data but will focus on memory analysis with the Volatility framework.<br \/>\nThe class provides comprehensive knowledge and practical skills in the topics covered, through theories, concepts, and hands-on exercises.<\/p>\n<h3>Learning Outcomes:<\/h3>\n<ol>\n<li>Identify and recognize different live data sources<\/li>\n<li>How to work on a live system<\/li>\n<li>How RAM works and RAM imaging options<\/li>\n<li>Evaluate RAM analysis tools<\/li>\n<li>Working with the Volatility framework<\/li>\n<li>Identify regular processes in working memory<\/li>\n<li>Analyzing the contents of working memory for the existence of malicious files<\/li>\n<li>Combine storage and analysis tools for producing a forensic report<\/li>\n<li>Self-evaluate procedures for storing data from computer memory<\/li>\n<li>Create reports on the digital forensic investigation of working memory<\/li>\n<\/ol>\n<h3>Course content lectures:<\/h3>\n<ol>\n<li>Introduction to live system review<\/li>\n<li>Traditional forensics vs. 
forensics of working memory<\/li>\n<li>Working with a powered-off or powered-on computer<\/li>\n<li>Live analysis methods<\/li>\n<li>Working with an encrypted disk<\/li>\n<li>Data collection<\/li>\n<li>RAM overview and imaging<\/li>\n<li>Random access memory imaging<\/li>\n<li>RAM analysis<\/li>\n<li>Volatility framework<\/li>\n<li>Basic usage of the Volatility framework<\/li>\n<li>Volatile Data Differences in Variable Data Operations<\/li>\n<li>Documenting collected evidence and steps taken during the investigation<\/li>\n<li>Create reports on the digital forensic investigation process<\/li>\n<\/ol>\n<\/div><div class=\"fusion-clearfix\"><\/div><\/div><\/div><\/div><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Semester 3 \/ ECTS Credits: 5 ECTS<\/p>\n","protected":false},"author":1,"featured_media":2417,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[21],"tags":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v17.5 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Memory Forensics - TVZ - Information Security and Digital Forensics<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/\" \/>\n<meta property=\"og:locale\" content=\"hr_HR\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Memory Forensics - TVZ - Information Security and Digital Forensics\" \/>\n<meta property=\"og:description\" content=\"Semester 3 \/ ECTS Credits: 5 ECTS\" \/>\n<meta property=\"og:url\" content=\"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/\" \/>\n<meta property=\"og:site_name\" content=\"TVZ - Information Security and Digital Forensics\" \/>\n<meta property=\"article:published_time\" content=\"2020-03-18T10:04:22+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-04-07T18:05:53+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/semester_3.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"800\" \/>\n\t<meta property=\"og:image:height\" content=\"400\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Napisao\/la\" \/>\n\t<meta name=\"twitter:data1\" content=\"webadmin1\" \/>\n\t<meta name=\"twitter:label2\" content=\"Procijenjeno vrijeme \u010ditanja\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minuta\" 
\/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebSite\",\"@id\":\"https:\/\/isf.tvz.hr\/#website\",\"url\":\"https:\/\/isf.tvz.hr\/\",\"name\":\"TVZ - Information Security and Digital Forensics\",\"description\":\"Study Programme\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/isf.tvz.hr\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"hr\"},{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#primaryimage\",\"inLanguage\":\"hr\",\"url\":\"https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/semester_3.jpg\",\"contentUrl\":\"https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/semester_3.jpg\",\"width\":800,\"height\":400},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#webpage\",\"url\":\"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/\",\"name\":\"Memory Forensics - TVZ - Information Security and Digital 
Forensics\",\"isPartOf\":{\"@id\":\"https:\/\/isf.tvz.hr\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#primaryimage\"},\"datePublished\":\"2020-03-18T10:04:22+00:00\",\"dateModified\":\"2020-04-07T18:05:53+00:00\",\"author\":{\"@id\":\"https:\/\/isf.tvz.hr\/#\/schema\/person\/10016457ba19578af899f6dfefacbf35\"},\"breadcrumb\":{\"@id\":\"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#breadcrumb\"},\"inLanguage\":\"hr\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/isf.tvz.hr\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Memory Forensics\"}]},{\"@type\":\"Person\",\"@id\":\"https:\/\/isf.tvz.hr\/#\/schema\/person\/10016457ba19578af899f6dfefacbf35\",\"name\":\"webadmin1\",\"image\":{\"@type\":\"ImageObject\",\"@id\":\"https:\/\/isf.tvz.hr\/#personlogo\",\"inLanguage\":\"hr\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/ea28ae2a1a9b191433250aaaffa620a3?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/ea28ae2a1a9b191433250aaaffa620a3?s=96&d=mm&r=g\",\"caption\":\"webadmin1\"},\"url\":\"https:\/\/isf.tvz.hr\/index.php\/author\/webadmin1\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"Memory Forensics - TVZ - Information Security and Digital Forensics","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/","og_locale":"hr_HR","og_type":"article","og_title":"Memory Forensics - TVZ - Information Security and Digital Forensics","og_description":"Semester 3 \/ ECTS Credits: 5 ECTS","og_url":"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/","og_site_name":"TVZ - Information Security and Digital Forensics","article_published_time":"2020-03-18T10:04:22+00:00","article_modified_time":"2020-04-07T18:05:53+00:00","og_image":[{"width":800,"height":400,"url":"https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/semester_3.jpg","type":"image\/jpeg"}],"twitter_card":"summary_large_image","twitter_misc":{"Napisao\/la":"webadmin1","Procijenjeno vrijeme \u010ditanja":"6 minuta"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebSite","@id":"https:\/\/isf.tvz.hr\/#website","url":"https:\/\/isf.tvz.hr\/","name":"TVZ - Information Security and Digital Forensics","description":"Study Programme","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/isf.tvz.hr\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"hr"},{"@type":"ImageObject","@id":"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#primaryimage","inLanguage":"hr","url":"https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/semester_3.jpg","contentUrl":"https:\/\/isf.tvz.hr\/wp-content\/uploads\/2020\/03\/semester_3.jpg","width":800,"height":400},{"@type":"WebPage","@id":"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#webpage","url":"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/","name":"Memory Forensics - TVZ - 
Information Security and Digital Forensics","isPartOf":{"@id":"https:\/\/isf.tvz.hr\/#website"},"primaryImageOfPage":{"@id":"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#primaryimage"},"datePublished":"2020-03-18T10:04:22+00:00","dateModified":"2020-04-07T18:05:53+00:00","author":{"@id":"https:\/\/isf.tvz.hr\/#\/schema\/person\/10016457ba19578af899f6dfefacbf35"},"breadcrumb":{"@id":"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#breadcrumb"},"inLanguage":"hr","potentialAction":[{"@type":"ReadAction","target":["https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/isf.tvz.hr\/index.php\/2020\/03\/18\/memory-forensics\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/isf.tvz.hr\/"},{"@type":"ListItem","position":2,"name":"Memory Forensics"}]},{"@type":"Person","@id":"https:\/\/isf.tvz.hr\/#\/schema\/person\/10016457ba19578af899f6dfefacbf35","name":"webadmin1","image":{"@type":"ImageObject","@id":"https:\/\/isf.tvz.hr\/#personlogo","inLanguage":"hr","url":"https:\/\/secure.gravatar.com\/avatar\/ea28ae2a1a9b191433250aaaffa620a3?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/ea28ae2a1a9b191433250aaaffa620a3?s=96&d=mm&r=g","caption":"webadmin1"},"url":"https:\/\/isf.tvz.hr\/index.php\/author\/webadmin1\/"}]}},"_links":{"self":[{"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/posts\/2209"}],"collection":[{"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/comments?post=2209"}],"version-history":[{"count":3,"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/posts\/2209\/revisions"}],"predecessor-version":[{"id"
:2540,"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/posts\/2209\/revisions\/2540"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/media\/2417"}],"wp:attachment":[{"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/media?parent=2209"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/categories?post=2209"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/isf.tvz.hr\/index.php\/wp-json\/wp\/v2\/tags?post=2209"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}