Volatility for SOC Analysts

[omergunal]

During the investigation, sometimes analysts should do memory analysis. And one of the most popular tool is Volatility.

Steps:

1. Prepare a table of contents
2. Create a lesson for each title (video or text-based, video would be better)
3. If possible, create at least 3 practical questions for each lesson. (Some theoretical lessons like "Introduction to Volatility " doesn't need a question)
   3.1. Example question: What is the command&control server of "MalwareSample.exe"?
4. Prepare a walkthrough about questions
5. Upload everything on Google Drive and send the link to us as a comment or to info@letsdefend.io
6. LetsDefend team will review your materials. If necessary, will do some edits for a better format then release it.

Useful Links:

• https://infosecwriteups.com/forensics-memory-analysis-with-volatility-6f2b9e859765
• https://www.youtube.com/watch?v=Cs0Gc3GtfZY
• https://medium.com/@zemelusa/first-steps-to-volatile-memory-analysis-dcbd4d2d56a1

Sample courses:

• https://app.letsdefend.io/training/lessons/windows-fundamentals
• https://app.letsdefend.io/training/lesson_detail/malware-traffic-analysis-with-wireshark-1