Session 1: Lecture

Paged Virtual Addressing; Process Memory Layout; VAD; PE Files; Process Initialisation

Tags:

Session 1: Practical

PE Files; Memory Layout

Tags:

Session 1: Practical

Volatility Framework

Tags:

Session 1: Cheat Sheet

Memory Analysis Cheat Sheet for Windows XP SP2

by Pär Österberg and Andreas Schuster

Tags:

Session 1: Cheat Sheet

Volatility 1.3 Memory Analysis Cheat Sheet
by Andreas Schuster

Tags:

Session 1: Cheat Sheet

A Windows Registry Quick Reference: For the Everyday Examiner by Derrick J. Farmer

Tags:

Session 1: Additional Reading

Chapter 5: Processes, Threads and Jobs
Windows Internals (5th edition) by Mark E. Russinovich and David A. Solomon

Tags: