The International Association of Computer Investigative Specialists

RCA: RAM Capture and Analysis

RCA Course Overview

This course is designed for the law enforcement professional who needs to leverage volatile memory to find evidence that does not exist on disk. The class will progress just like an investigation.

On Day 1, students will build a device that will be used to access a locked Windows system. Students will learn additional skills to bypass login screens on Windows and Linux systems using older and newer open-source techniques. The course will introduce how the Kernel and address translation works. Additional sources of memory such as page, hibernation, and dump files are discussed.

Then, the students will spend Day 2 learning different techniques to capture RAM on Windows, Mac, and Linux systems. The students will learn about advanced topics such as RAM on virtual machines and capturing RAM over a network.

On Day 3, the students will compare commercial and open-source tools to analyze memory. Upon completion of the course, the students will be comfortable using command line tools for RAM analysis, even if this is their first time in a terminal.

Day 4 will focus on password cracking. Students will learn techniques to use open-source tools to find the passwords for encrypted containers.

On Day 5, the students will learn additional techniques to break into encrypted partitions.

Quick Details

Core Competencies / Details

There are four competency areas addressed in the RCA course

  1. Lock Screen Concepts
  2. Capturing RAM Concepts
  3. Analyzing RAM Concepts
  4. Encryption Concepts

Download PDFPlease click here to download the official RCA Core Competencies document which includes details for each core competency.

Download DOcument

Download PDFClick to view the RCA Course Schedule.

Download DOcument

IACIS ChairGuided by industry-leading professionals, including a distinguished IACIS Chair, the RCA course content stays consistently updated to reflect the latest cybersecurity and digital forensic best practices.

See Upcoming Events

Apply knowledge towards:

CFCE IACIS Certification

CFCE

Certified Forensic Computer Examiner Program

CAWFE IACIS Certification

ICMDE

Certified Mobile Device Examiner

CMDE IACIS Certification

CAWFE

Certified Advanced Windows Forensic Examiner

2025 Orlando Training Conference
2025
Orlando, FL
Learn More
2026 IACIS Specialized Event – Reno, Nevada
January 12 – 16, 2026
Reno, NV
Learn More
See More Events
Upcoming events Details of the next event for this course

Where and When is the RCA Course Offered?

IACIS offers the RCA course at multiple locations, accommodating the varied schedules of our professional audience. For course dates and locations, please visit our EVENTS page.

How to Register for this Course

Existing IACIS members, simply log in with your IACIS credentials and go to the PURCHASE TRAINING page to purchase and register for the course.

For non-IACIS members, the membership fee is waived with the purchase of the training course; however, to register for the course you must complete a membership application at the time of purchase. Go to the PURCHASE TRAINING page to purchase and register for the course and complete your membership application.

Register Now
Skip to content