A Complete Practical Approach to Malware Analysis & Memory Forensics

This course will introduce attendees to the basics of malware analysis, reverse engineering, Windows internals, and memory forensics and then it gradually progresses deep into more advanced concepts of malware analysis & memory forensics. Attendees will learn to perform static, dynamic, code, and memory analysis, as well as learn how to use malware analysis tools and malware sandbox.

To keep the training completely practical, it consists of various scenario-based hands-on labs after each module which involves analyzing real-world malware samples and investigating malware infected memory images (crimewares, APT malwares, Fileless malwares, Rootkits, etc).

The following topics will be covered:
  • Introduction to Malware Analysis
  • Static Analysis
  • Dynamic Analysis/Behavioural analysis
  • Automating Malware Analysis(sandbox)
  • Code Analysis
  • Introduction to Memory Forensics
  • Volatility Overview


  • Investigating Process
  • Investigating Process handles & Registry
  • Investigating Network Activities
  • Investigation Process Memory
  • Investigating User-Mode Rootkits & Fileless Malwares
  • Investigating Kernel-Mode Rootkits
  • Memory Forensic

This course is intended for:

  • Forensic practitioners, incident responders, cyber-security investigators, security researchers, malware analysts, system administrators, software developers, students and curious security professionals who would like to expand their skills
  • Anyone interested in learning malware analysis and memory forensics.

Students should:

  • be familiar with using Windows/Linux
  • have an understanding of basic programming concepts, while programming experience is not mandatory.

Students should have:

  • Laptop with minimum 6GB RAM and 40GB free hard disk space
  • VMware Workstation or VMware Fusion (even trial versions can be used).
  • Windows Operating system (preferably Windows 10 64-bit, even Windows 8 and lower versions are fine) installed inside the VMware Workstation/Fusion. You must have full administrator access for the Windows operating system installed inside the VMware Workstation/Fusion.

Note: VMware Player or VirtualBox is not suitable for this training.

The lab setup guide will be sent to you after registration.

  • Course material (pdf copy)
  • Lab solution material
  • Videos used in the course
  • Malware samples used in the course/labs
  • Memory Images used in the course/labs
  • Linux VM (to be opened with VMware Workstation/Fusion) containing necessary tools and samples