How are kernel modules loaded into memory on a Windows system? How can you find and report on these modules using memory forensics?

What are kernel callbacks? How can you review these callbacks in a memory image?

What is a desktop in terms of memory forensics? What are your analysis objectives when investigating these desktops?

Why can clipboard data be a valuable resource in a forensic investigation? What are the analysis objectives when investigating this data?
