Are you the Incident Response "Super Hero" in your organization? Add another IR superpowers star to your cape by attending a “How to” on effectively wielding the Rekall Memory Forensic Framework to slice through live or captured system memory. Alissa, co-author of the SANS FOR526 "Memory Forensics In-Depth" course will demo the newest capabilities of this bleeding-edge analysis tool.  You have heard about how simple Rekall is to use!  And there are new capabilities that the Rekall development team has recently added. Grab the page file while acquiring physical memory using Rekall’s winpmem and parse the memory of virtualized machines from a host memory image.  Grab a memory image (or use ours) and play along!

Back to BSides Augusta 2015 video list