Memory Capture and First Pass

Volatility-style triage without drowning in plugin lists: capture, stabilize, and summarize.

  • 4 weeks · evening cohort
  • Cohort
  • Memory Analysis
  • 268,000 KRW

Overview

You practice capture hygiene first, then move into process and network summaries that help incident responders decide whether disk work is worth the clock. The course keeps plugin sprawl contained so you finish with a short playbook instead of a folder of half-run commands.

What is included

  • Capture checklist with thermal and time notes
  • Two instructor-led live triage sessions
  • Plugin bundle pinned to a tested version set
  • Scenario cards that randomize benign vs suspicious cues
  • Office-hour code review on your command transcripts

Outcomes

  1. Run a first-pass triage script and annotate uncertain rows
  2. Explain tradeoffs when capture delays disk acquisition
  3. Hand off a one-page triage summary to a disk specialist

FAQ

Hardware expectations?

32 GB RAM recommended for local capture replay. If you are below that, cloud lab time is available in limited weekly windows.

Is malware handling included?

We work in isolated VMs only; offensive tooling beyond triage is not taught here.

What is not included?

Kernel debugging and driver-level rootkit analysis are explicitly out of scope.

Learner notes

  • “Evenings were tight, but the scenario cards made the live sessions feel grounded.”

    — M. Cho · internal feedback
  • “Clear capture order discussion—finally someone said when *not* to grab RAM first.”