2019-2020 Graduate Catalog [ARCHIVED CATALOG]
Mar 28, 2024

CSCI 6668 - Memory Forensics


Prerequisite: CSCI 6637. This course provides students with the basic theoretical and practical foundations necessary for the investigation of volatile memory. The discipline of digital forensics will be discussed and outlined with emphasis on the sub-discipline of memory forensics. Students will learn the basics of acquiring digital evidence from volatile memory and analyzing it. Topics covered include: the Volatility framework, Windows memory forensics, Windows objects and pool allocations, processes, handles and tokens, process memory internals, hunting malware in process memory, event logs, registry in memory, networking, Windows services, kernel forensics and rootkits, Windows GUI subsystems, disk artifacts in memory, event reconstruction and timelining. 3 credits.