In this short video from our Live Analysis with Rekall online course, your instructor, Paulo Pereira, shows a simple live analysis technique that will allow you to identify suspicious processes on a system with Rekall. Do you use this tool in your work? Don't miss the tutorial!
More information about the course:
In contrast with the classical forensics approach, live analysis is a modern approach supported by new technologies for acquiring memory image dumps. This does not mean that live forensic analysis is easier than classical analysis. Nowadays, malware is gaining in complexity, taking cybercrime to a new scale. Forensics specialists must be alert to the various anti-forensics techniques introduced by malicious programs. Rekall is an open framework that provides powerful live analysis capabilities. In this course, by “Linux machine” we mean “Kali Linux” or “SANS SIFT Workstation”; these platforms come prepared for this job.
What will you learn?
- Use Rekall to create memory images of active processes on the machine.
- Analyze malicious evidence on a machine.
- Analyze evidence from a normal machine.
What will you need?
All exercises and labs can be performed on machines running Windows, Linux or Apple, as well as in virtual machines.
What should students know before they join?
The basic requirements for this course are: pointers and memory addressing.
- The course is self-paced – you can visit the training whenever you want and your content will be there.
- Once you’re in, you keep access forever, even when you finish the course.
- There are no deadlines, except for the ones you set for yourself.
- We designed the course so that a diligent student will need about 18 hours of work to complete the training.
- The course contains video and text materials, accompanied by practical labs and exercises.