SANS DFIR Webcast - Memory Forensics for Incident Response
SANS Digital Forensics and Incident Response

 Published On Feb 8, 2015

SANS Incident Response Training Course: http://www.sans.org/course/advanced-c...

Memory Forensics for Incident Response
Featuring: Hal Pomeranz

Modern malware has become extremely adept at avoiding detection by traditional endpoint analysis tools. Memory forensics gives the investigator multiple ways to detect typical malware techniques such as code injection, API hooking, and process hiding. This talk is an overview of memory forensics, including how to acquire memory images and the tools and techniques for analyzing them.

Hal Pomeranz is the founder and technical lead for Deer Run Associates, a consulting company focusing on Digital Forensics and Information Security. He provides forensic analysis services through his own consulting firm and by special arrangement with MANDIANT. He has consulted on several major cases for both law enforcement and commercial clients. Hal is a SANS Faculty Fellow and an instructor in the SANS Forensics curriculum.

Hal Pomeranz: Hal is founder and CEO of Deer Run Associates, a systems management and security consulting firm. He has spent more than a decade managing systems and networks for some of the largest commercial, government, and academic organizations in the country. Hal participated in the first SANS conference and designed the SANS Step-by-Step course model. He is a top-rated instructor and author on topics ranging from information security to system and network management to Perl programming.

Hal Pomeranz is an independent digital forensic investigator who has consulted on cases ranging from intellectual property theft, to employee sabotage, to organized cybercrime and malicious software infrastructures. He has worked with law enforcement agencies in the US and Europe and global corporations.

While equally at home in the Windows or Mac environment, Hal is recognized as an expert in the analysis of Linux and Unix systems. His research on EXT4 file system forensics provided a basis for the development of Open Source forensic support for this file system. His EXT3 file recovery tools are used by investigators worldwide.

Hal is a SANS Faculty Fellow and Lethal Forensicator, and is the creator of the SANS Linux/Unix Security track (GCUX). He holds the GCFA and GREM certifications and teaches the related courses in the SANS Forensics curriculum. He is a respected author and speaker at industry gatherings worldwide. Hal is a regular contributor to the SANS Computer Forensics blog and co-author of the Command Line Kung Fu blog.

"Great intro to malware analysis. Hal Pomeranz, instructor, was extremely knowledgeable on the subject. Highly recommended." - Jonathon Hinson, Duke Energy
