This course is designed for the law enforcement professional who needs to leverage volatile memory to find evidence that does not exist on disk. The class will progress just like an investigation. On Day 1, students will build a device that will be used to access a locked Windows system. Students will learn additional skills to bypass login screens on Windows and Linux systems using older and newer open-source techniques. The course will introduce how the Kernel and address translation works. Additional sources of memory such as page, hibernation, and dump files are discussed. Then, the students will spend Day 2 learning different techniques to capture RAM on Windows, Mac, and Linux systems. The students will learn about advanced topics such as RAM on virtual machines and capturing RAM over a network. On Day 3, the students will compare commercial and open-source tools to analyze memory. Upon completion of the course, the students will be comfortable using command line tools for RAM analysis, even if this is their first time in a terminal. Day 4 will focus on password cracking. Students will learn techniques to use open-source tools to find the passwords for encrypted containers. On Day 5, the students will learn additional techniques to break into encrypted partitions.
WHEN: April 28-May 2, 2025
COST: $2,695.00 US Dollars
EQUIPMENT: Classroom laptops will be given to the students to take home and keep.
COURSE SYLLABUS:
COURSE COMPETENCIES:
REGISTRATION: 2025 Course Registration will open in August 2024.
Existing IACIS members, simply log in with your credentials and go to the Products page to purchase and register for the course.
For non-IACIS members, the membership fee is waived with the purchase of the training course; however, to register for the course, you must complete a membership application at the time of purchase. Purchase the training course HERE.
****Payment MUST BE RECEIVED at least 45 days prior to the first day of class. Any payment arrangements other than payment through the website or payment via invoice must be approved by the IACIS Treasurer prior to admittance into the course. Please contact the treasurer for questions and approval (treasurer@iacis.com)
Cancellations within 45 days from the start of class to 31 days from the start of class will be subject to a $150 cancellation fee. There will be no refunds within 30 days from the start of class.****
* On-Site Check-in Times (student pickup of equipment, ID card, IACIS info) are:
Sunday, April 27, 2025: 1800 – 2000
Monday, April 28, 2025: 0700 – 0800
* Please make arrangements to arrive in time to check-in so that you may be in class promptly on the first day.
COURSE NOTES:
Please read the following notes regarding this class:
- Classes begin at 8:00 AM ET and conclude at 5:00 PM ET each day, with a one-hour lunch break. Classes will end at 4:00 PM ET on the last day of class. Please do not arrange for departing flights prior to 7:00 PM ET to allow time for travel to the airport and any security clearances.
- The dress code for the conference is business casual (collared shirts and slacks). The wearing of shorts, flip-flops, tank tops, etc., is not allowed in the classroom. Personal computers are not permitted in the classroom. Students are required to attend all classes to successfully complete the program. Students who fail to meet the attendance requirements will not be issued a certificate at the conclusion of the program.
HOTEL BOOKING: Hotel booking will open once classes have been opened for registration.
The course will be taught at the Caribe Royale Hotel, 8101 World Center Drive, Orlando, Florida 32821 (USA). This hotel is 16 miles from the Orlando International Airport; it has a large pool and spacious workout facility and is close to Disney World and Universal Studios.
Book via the Caribe Royale Hotel site here. Hotel booking will open once classes have been opened for registration. If you choose to stay at a different hotel and commute to the conference, you may be subject to parking fees per conference center policy.
Or book via phone by calling the following numbers:
Reservations Toll-Free: 1-800-823-8300/1-888-258-7501 or the local number 407-238-8000.
CANCELLATION INFO: If IACIS is unable to hold the Orlando training event, then all students who have registered and paid will have the option of a full refund or a reserved seat at next year’s training event. IACIS is not responsible for any outside expenses (e.g., travel and accommodation) in the event of the training event being canceled. Anyone who paid for training will receive complimentary membership through the year that his/her training takes place.
