
Windows Memory Forensics Training Course

The definitive course for those who want to learn all about analysing events related to compromises or breaches in Windows Systems

We have trained over 750 organizations.

Your gateway to mastering a highly-relevant information security skill

An ideal blend of theoretical and practical training with dedicated lab sessions

Learn how to capture & record evidence in breaches of Windows systems

Master the art of evidence collection and malware analysis in Windows


This course will help you understand and review details regarding events related to compromise of the system. Windows Memory Forensics is widely used in malware analysis and finding evidence about Windows systems in case of a cyber-attack.

In this course, you will learn how to gather evidence related to infected Windows systems and how to use Windows memory forensics to analyse malware.

Benefits of the Windows Memory Forensics Training Course

  • Learn how to find evidence and conduct malware analysis related to breaches in Windows systems.

  • Master the art of capturing evidence - an essential skill for any Security professional.

  • Discover the challenges of Memory Forensics and how to deal with them.



Windows Memory Forensics Course Learning Objectives:

After the completion of this course, you will be able to: 

  • Articulate what Memory Forensics is, its importance and associated challenges.

  • Explain how to capture memory states and conduct memory analysis.

  • Properly understand how to find artefacts from Windows ROM.

  • Comprehend the Volatility Framework and how to use it to perform memory analysis.

  • Work with Normal Process Relationship.

  • Understand the process of capturing RAM with FTK Imager.

  • Comprehend and work with Volatility Modules for Windows - imageinfo, connections, pslist, sockets.

Feedback and Testimonials for our Courses

The playbooks training course was a good 'part-2' to the CIPR and went into greater depth in a number of areas. The day was fun and Amar kept us moving along at a good pace.
Kevin Hayes
CISO, Cyber Risk Associates

Enjoyed the course. Good mix of attendees and plenty of lively conversation. Amar steered us through it all admirably.

Russ Smith

Overall the course was very good. I would strongly recommend this training to anyone who is involved in Cyber Security or has control of information assets.

Kim Rose
Information Governance Officer, Wye Valley NHS Trust

It was a great workshop with a lot of interesting people and a great learning experience.

Philipp Scheiwiler
System Engineer
This was a very helpful day and opportunity to speak with a number of operational incident responders to discuss what really works in practice and not just in theory. I gained a great deal from the day, particularly around the construction of bespoke playbooks and also a variety of useful resources to inform my learning. A really good day.
Andrew Lock
Information Security Consultant

Windows Memory Course Modules 

Windows Memory Forensics
  • Introduction to Windows Memory Forensics. Importance and Challenges.

  • Memory States and Memory Analysis.

  • Volatility Framework.

All trademarks, service marks, trade names, product names, service names and logos appearing on the site, or on printed or digital material are the property of their respective owners, including in Cyber Management Alliance Ltd. Any rights not expressly granted herein are reserved.

Building and Optimising Incident Response Playbooks

To find out more about our one-day public courses or internal workshops, please complete the form below.

  • Or call us on: +44 (0) 203 189 1422