2023-2024 Undergraduate Catalog [ARCHIVED CATALOG]
Nov 24, 2024

CSCI 4538 - Memory Forensics


Prerequisite: CSCI 2246. This course provides students with the basic theoretical and practical foundations necessary for the investigation of volatile memory. The discipline of digital forensics will be discussed and outlined with emphasis on the sub-discipline of memory forensics. Students will learn the basics of acquiring digital evidence from volatile memory and analyzing it. Topics covered include: the Volatility framework, Windows memory forensics, Windows objects and pool allocations, processes, handles and tokens, process memory internals, hunting malware in process memory, event logs, registry in memory, networking, Windows services, kernel forensics and rootkits, Windows GUI subsystems, disk artifacts in memory, event reconstruction and timelining. 3 credits.