Date/Time
Date(s) - Mon, Sep 20, 2021 - Wed, Sep 22, 2021All Day
Location
ONLINE ClassBEC 201 – Memory Analysis Fundamentals Course
This course will provide students with the tools needed to analyze artifacts contained within random access memory acquired from live Windows-based systems.
The BEC platform provides a comprehensive toolset for the examiner to locate artifacts from:
- Running processes
- Network connections and file shares
- Internet browsers
- Social media content
The Belkasoft Live RAM Capturer is used by many first responders and examiners worldwide for its ability to acquire volatile memory from 32-bit and 64-bit systems quickly and completely, including areas in RAM protected by actively running applications. Data that could be potentially recovered from these areas include chat communications and webmail artifacts.
During Instructor-led course activities, and exercises – participants will demonstrate the ability to efficiently analyze digital artifacts acquired from RAM while utilizing BEC.
| Module | Duration | Description |
| Module 1 – Introduction | 1 Hour | This module will provide a brief history of Belkasoft followed by overview of course logistics enabling instructors and students to become familiar with one another and their professional experiences in digital forensics. |
| Module 2 – Understanding Volatile Data | 2 Hours | Students will receive a comprehensive overview of volatile memory and understand the vital role it plays in a basic computer system. |
| Module 3 – Acquiring RAM | 2.5 Hours | Instructors will guide students through the BEC workflow to acquire RAM from a live Windows computer system. |
| Module 4 – Analysis of Windows-based RAM Artifacts | 2.5 hours | Students will understand how to carve a RAM acquisition for Windows-based artifacts such as running processes, network connections, active file shares, and open files. |
| Module 5 – Analysis of Internet-based RAM Artifacts | 2.5 Hours | Students will understand how to carve a RAM acquisition for Internet-based artifacts such as active chats, multimedia, social media content, and webmail. |
| Module 8 – BEC Reporting | 1.0 Hour | Instructors will guide students on the importance of reporting and techniques on how to utilize the BEC platform to create effective forensic reports on findings. |
The BEC certification course design, objectives, practical exercises, and scenarios are written based on over fifteen years of field experience from working with LE officers and CCU examiners both international and domestic. The techniques taught in this course – while based on BEC functionality and workflow – have been curated from extensive research, testing, and use on live systems involved in actual cyber crimes investigated around the world where DSI examiners were actively involved as contracted analysts, instructors, and/or mentors.