Windows Memory Forensics


One course that teaches you all about analysing events related to compromises or breaches in Windows Systems.

This course will help you understand and review details regarding events related to compromise of the system. Windows Memory Forensics is widely used in malware analysis and finding evidence about Windows systems in case of a cyber-attack. In this course, you will learn how to gather evidence related to infected Windows systems and also how to use Windows memory forensics in analysing malwares.

Benefits of choosing this course

Benefits of choosing the Windows Memory Forensics course


Learn how to capture and record evidence related to breaches in Windows systems.


Understand the art of evidence collection and malware analysis.


Discover the challenges of Memory Forensics and how to deal with them.



Get Started

Highlights of the Windows Memory Forensics course


Your gateway to mastering a highly-relevant information security skill.


The perfect blend of theoretical and hands-on practical training.


Downloadable study material and self-assessment tests for reinforced learning.



Get Started
  • Key Learning Objectives
  • Downloads
  • About

  • Key Learning Objectives

      After completing the Windows Memory Forensics course, students will be able to:
    • Articulate what is Memory Forensics, its importance and associated challenges.
    • Explain how to capture memory states and conduct memory analysis.
    • Properly understand how to find artefacts from Windows ROM.
    • Comprehend the Volatility Framework and how to use it to perform memory analysis.

    • Work with Normal Process Relationship.
    • Understand the process of capturing RAM FTK Imager. .
    • Comprehend and work with Volatility Modules for Windows - imageinfo, connections, pslist, sockets.

  • Direct Downloads

    Directly download the full Learning Objectives of the course here

    Templates. Worksheets & Mind-maps

    When you enrol in this course you will have access to several worksheets & templates that you can use immediately. Take a look at the course curriculum, below, to see whats included in this course.

    The image immediately below is a gallery view of some of the templates and collateral available to students.

    Continuing Professional Development

    CPD points can be claimed for this course at the rate of 1 point per hour of training for this NCSC-certified and CIISec-approved course (8 points for one-day public course and 15 points for the two-day internal workshop - for when organisations host this course internally).

    CIPR Student-Only Incident Response Plan Template

    As a student you get access to unique content including our highly acclaimed Cyber Incident Response Plan Template. If you want, you can download the FREE version of the Incident Response Plan template here.

  • About

Example Curriculum

  Windows Memory Forensics Course
Available in days
days after you enroll
  Windows Memory Forensics Quiz
Available in days
days after you enroll

Sign up and Start Today

Pay-in-full in your local currency (where available)


We take all major forms of payment and we use secure checkout.

Featured Courses


Our most popular courses and offers.

Cyber Incident Planning and Response Course

Government Certified, Accredited Course on Planning and Response Strategies to deal with Cyber-Attacks and Cyber Crises

Amar Singh

Amar Singh

£299

NCSC-Certified CIPR and Playbooks eLearning Bundle

Access two NCSC-Certified Training courses for the price of one. Includes option for an online examination.

Courses: 2

$425

Access all 48 courses for 12 months

Includes courses on Governance, Risk, Compliance, Incident Response, SOC, Penetration Testing and much more.

Courses: 48

$995

While recording evidence and analysis in the post-event stage is imperative, make sure you're investing as much energy into the preparation phase. Use this FREE Cyber Incident Response Plan Template to create your own effective incident response plan.