Windows Memory Forensics


One course that teaches you all about analysing events related to compromises or breaches in Windows Systems.

This course will help you understand and review details regarding events related to compromise of the system. Windows Memory Forensics is widely used in malware analysis and finding evidence about Windows systems in case of a cyber-attack. In this course, you will learn how to gather evidence related to infected Windows systems and also how to use Windows memory forensics in analysing malware.

Benefits of choosing the Windows Memory Forensics course


Learn how to capture and record evidence related to breaches in Windows systems.


Understand the art of evidence collection and malware analysis.


Discover the challenges of Memory Forensics and how to deal with them.

Highlights of the Windows Memory Forensics course


Your gateway to mastering a highly-relevant information security skill.


The perfect blend of theoretical and hands-on practical training.


Downloadable study material and self-assessment tests for reinforced learning.

  • Key Learning Objectives

      After completing the Windows Memory Forensics course, students will be able to:
    • Articulate what Memory Forensics is, its importance and associated challenges.
    • Explain how to capture memory states and conduct memory analysis.
    • Properly understand how to find artefacts from Windows ROM.
    • Comprehend the Volatility Framework and how to use it to perform memory analysis.

    • Work with Normal Process Relationship.
    • Understand the process of capturing RAM using FTK Imager.
    • Comprehend and work with Volatility Modules for Windows - imageinfo, connections, pslist, sockets.
  • Direct Downloads

    Directly download the full Learning Objectives of the course here

    Templates, Worksheets & Mind-maps

    When you enrol in this course you will have access to several worksheets & templates that you can use immediately. Take a look at the course curriculum, below, to see what's included in this course.

    The image immediately below is a gallery view of some of the templates and collateral available to students.

    Continuing Professional Development

    CPD points can be claimed for this course at the rate of 1 point per hour of training for this NCSC-certified and CIISec-approved course (8 points for one-day public course and 15 points for the two-day internal workshop - for when organisations host this course internally).

    CIPR Student-Only Incident Response Plan Template

    As a student you get access to unique content including our highly acclaimed Cyber Incident Response Plan Template. If you want, you can download the FREE version of the Incident Response Plan template here.


Example Curriculum

  Windows Memory Forensics Course
  Windows Memory Forensics Quiz

Sign up and Start Today


Pay-in-full in your local currency (where available)


We take all major forms of payment and we use secure checkout.

While recording evidence and analysis in the post-event stage is imperative, make sure you're investing as much energy into the preparation phase. Use this FREE Cyber Incident Response Plan Template to create your own effective incident response plan.