I'm excited to announce that I will hold a workshop on Windows Memory Analysis on Thursday, September 13, 2007 at the IMF Conference in Stuttgart, Germany.
The workshop most likely will be themed around the detection of a trojan horse and a rootkit. During the 90 minutes I will demonstrate the usage of the Microsoft Debugger and some open-source tools.
The workshop will be at an intermediate level. There's not enough time to start from the very beginning. On the other hand, I don't expect that lots of experienced examiners (experienced in memory analysis techniques, that is) will attend. So I decided to stay in between. The format is demonstration only, so you don't have to prepare a laptop. However, you should bring some basic understanding of the mechanics of an operating system and the Microsoft Windows NT platform in particular.
