2025-2026 Graduate Catalog 
    
    Dec 07, 2025  
HELP
2025-2026 Graduate Catalog

CSCI 6668 - Memory Forensics

Prerequisites: CSCI 6637 , CSCI 6646 . Prerequisite or co-requisite: CSCI 6651 . This course provides students with the theoretical and practical foundations necessary for the investigation of volatile memory. The discipline of digital forensics will be discussed and outlined with emphasis on the sub-discipline of memory forensics. Students will learn the techniques of acquiring digital evidence from volatile memory and analyzing it. Topics covered include: the Volatility framework, Windows memory forensics, Windows objects and pool allocations, processes, handles and tokens, process memory internals, hunting malware in process memory, event logs, registry in memory, networking, Windows services, kernel forensics and rootkits, Windows GUI subsystems, disk artifacts in memory, event reconstruction and timelining.  3 credits.


Catalog Navigation
  Catalog Home
  President’s Message
  The University
  Graduate Programs
  Academic Policies
  Policies & Procedures for Ph.D. Degree
  Financial Aid
  Graduate Tuition and Fees
  Academic and Student Services
  College of Arts and Sciences
  Pompea College of Business
  Tagliatela College of Engineering
  Henry C. Lee College of Criminal Justice and Forensic Sciences
  School of Health Sciences
  University Interdisciplinary Collaborative
  Programs Pending Regulatory Approval
  Course Descriptions
  Board of Governors
  Administration
  Faculty
  Academic Calendar
  Campus Map