As malware authors and cyber operators have gotten more sophisticated in recent days, traditional methods of on-disk forensics have become less effective. This doesn't mean these advanced techniques are impossible to detect though. Memory forensics is one of the fastest growing and most in demand skills in today's incident response industry. You'll learn how to retrieve the volatile memory of a running computer, and to examine that memory for evidence of activity usually thought to be undetectable. We'll retrieve encryption keys, examine malware, and learn about what makes your computer's RAM one of its most valuable sources of information for an investigator.