DFIR “Memory Forensics” Poster Side 1 – Memory is the new battleground between attackers and defenders. Advanced attackers are increasingly operating completely in memory and NOT writing files to disk. Running tools against your memory dumps gives you data, but what does that data mean?! The SANS memory forensics poster offers analysts a jumping off point for analyzing incidents using our intuitive six-step analysis process. It provides a layout of the most important structures in Windows kernel memory, which are critical for piecing together advanced analysis tasks. Finally, the poster highlights a variety of advancements in Windows kernel protections that have fundamentally changed the way analysts must perform memory forensics.
The Memory Forensics Analysis Poster was created by FOR526 Memory Forensics In-Depth course authors, SANS Certified Instructor Alissa Torres and SANS Senior Instructor Jake Williams with support from the SANS DFIR Faculty.
The DFIR posters are shipped rolled in a tube and measure 24″ x 36″ (slightly larger than the SANS folded version).
Currently shipping within the US only.