Presentation is loading. Please wait.

Presentation is loading. Please wait.

Deeper research never hurts! Memory dumps contain personal information, but… how personal?

Published byGyles Owens Modified over 8 years ago

Similar presentations

Presentation on theme: "Deeper research never hurts! Memory dumps contain personal information, but… how personal?"— Presentation transcript:

1

2

3 Deeper research never hurts!

4

5

6

7

8 Memory dumps contain personal information, but… how personal?

9 Memory Forensics grabs the data at the lowest level: (most) malware cannot hide!

10

11

12 Processes Threads Modules Handles Registry Apihooks Services UserAssist Shellbags ShimCache Event Logs Registry (again) Timeline

13

14

15

16

17

18 Memoryze: Live analysis

19

20

21

22

23

24

25

26

27 Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall CD For More Information Windows Server 2012 R2 http://technet.microsoft.com/en-US/evalcenter/dn205286 Microsoft Azure http://azure.microsoft.com/en-us/ System Center 2012 R2 http://technet.microsoft.com/en-US/evalcenter/dn205295 Azure Pack http://www.microsoft.com/en-us/server- cloud/products/windows-azure-pack

28 www.microsoft.com/learning http://microsoft.com/msdn http://microsoft.com/technet http://channel9.msdn.com/Events/TechEd

29

30

31

Download ppt "Deeper research never hurts! Memory dumps contain personal information, but… how personal?"

Similar presentations

4/9/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/9/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
DCIM-B221

DCIM-B221

FeatureGroup PolicyDSC Configuration stored inGPO fileConfiguration script / MOF file Target nodes by means ofAD links.

FeatureGroup PolicyDSC Configuration stored inGPO fileConfiguration script / MOF file Target nodes by means ofAD links.
Virtual Network Subnet 1Subnet 2Subnet 3 VPN connection On-premises network Virtual Network Subnet Virtual Network Subnet ExpressRoute.

Virtual Network Subnet 1Subnet 2Subnet 3 VPN connection On-premises network Virtual Network Subnet Virtual Network Subnet ExpressRoute.
4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.

4/14/2017 © 2014 Microsoft Corporation. All rights reserved. Microsoft, Windows, and other product names are or may be registered trademarks and/or trademarks.
Total digital universe 85% corporations had liability for 66% created by consumers & workers.

Total digital universe 85% corporations had liability for 66% created by consumers & workers.
@CFullerMVP OpsMgr 2012 Evolution OpsMgr 2012 TechEd 2014.

@CFullerMVP OpsMgr 2012 Evolution OpsMgr 2012 TechEd 2014.
Complete Scope: Lifecycle of IT- Services in Hybrid Clouds.

Complete Scope: Lifecycle of IT- Services in Hybrid Clouds.
Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall.

Come Visit Us in the Microsoft Solutions Experience! Look for Datacenter and Infrastructure Management TechExpo Level 1 Hall.
Session Goal Be familiar with the possibilities of the operating system From the user mode and kernel mode We are NOT talking about the forensics!

Session Goal Be familiar with the possibilities of the operating system From the user mode and kernel mode We are NOT talking about the forensics!
Deeper research never hurts!

Deeper research never hurts!
6 Hypervisor Management OS Guest VM 1 Guest VM n Hardware User Mode Kernel Mode User Mode … Kernel Mode User Mode.

6 Hypervisor Management OS Guest VM 1 Guest VM n Hardware User Mode Kernel Mode User Mode … Kernel Mode User Mode.
NIC Management Storage Migration Cluster NIC.

NIC Management Storage Migration Cluster NIC.
DCIM-B228 No Capacity Planning Function Cannot measure, scorecard or predict future performance Budget Overruns Non fact based investment decisions.

DCIM-B228 No Capacity Planning Function Cannot measure, scorecard or predict future performance Budget Overruns Non fact based investment decisions.
4/19/2017 DCIM-B220 Private Cloud Made Simple The Fast Track Reference Architecture Program Michael Schulz Ian Lucas © 2014 Microsoft Corporation. All.

4/19/2017 DCIM-B220 Private Cloud Made Simple The Fast Track Reference Architecture Program Michael Schulz Ian Lucas © 2014 Microsoft Corporation. All.
Server Roles and Features.NET Framework 3.51.NET Framework 4.5 IIS Web Server IIS Default Document IIS Directory Browsing IIS HTTP Errors.

Server Roles and Features.NET Framework 3.51.NET Framework 4.5 IIS Web Server IIS Default Document IIS Directory Browsing IIS HTTP Errors.
Richard Seroter Director of Product Management Microsoft MVP for Integration Cloud Editor for InfoQ.com Technical Trainer at Pluralsight 3-time Book.

Richard Seroter Director of Product Management Microsoft MVP for Integration Cloud Editor for InfoQ.com Technical Trainer at Pluralsight 3-time Book.
SQL and System Center meet, then got down to business.

SQL and System Center meet, then got down to business.
Yes, yes it does! 1.Guest Clustering is supported with SQL Server when running a guest operating system of Windows Server 2008 SP2 or newer.

Yes, yes it does! 1.Guest Clustering is supported with SQL Server when running a guest operating system of Windows Server 2008 SP2 or newer.

Similar presentations

Ads by Google