During this course, participants will learn how to deal with live data and how to analyze it. Differences between regular “dead-box” investigations and investigations on live machines will be explained in detail with a focus on hands-on exercises. The main task during this class is to show the participants a different way of how to acquire Random Access Memory of a live machine and how to analyze it with various tools. At the end of the course, the students will undergo a knowledge evaluation. After successful completion of the course, certificates will be awarded.
To obtain the maximum benefits from this class, participants should have basic knowledge of computer forensic investigations and acquisition procedures, be able to perform basic operations on a personal computer and be familiar with Microsoft Windows environment.