Memory forensics Hardening Workshop
RCCE students will learn volatile memory acquisition and analysis including RAM capture techniques, process enumeration, network connection analysis, code injection detection, rootkit discovery, and malware artifact extraction from memory. RCCE students will learn to use memory forensics tools to acquire memory images from live systems, analyze process trees for suspicious parent-child relationships, detect hidden and injected processes, extract encryption keys and credentials from memory, identify command and control communications, reconstruct attacker activity from memory artifacts, and integrate memory forensics findings into broader incident investigation timelines. This hands-on hardening course focuses on reducing attack surface through practical configuration changes and security guardrails. At an expert level, RCCE students will learn to apply hardening baselines, validate configurations, and measure the security improvement achieved. Students walk away with actionable hardening checklists and the skills to maintain hardened configurations as environments evolve.
- Security Engineers building defensive controls
- Security Analysts and Blue Team members
- Systems Administrators with security responsibilities
- GRC and Risk Professionals supporting controls
- Professionals implementing Memory forensics Hardening Workshop
- Execute hands-on tasks for memory forensics
- Execute hands-on tasks for hardening workshop
- Explain Workshop Overview fundamentals
- Execute hands-on tasks for what you will learn
- Execute hands-on tasks for memory acquisition — covering RAM capture from live systems.
- Execute hands-on tasks for process analysis — covering Process tree enumeration.
- Build detections and response workflows for privilege escalation, including Code injection identification.
- Integrate privilege controls with identity providers and SIEM telemetry, including Configuration baselines.
- Execute hands-on tasks for why memory forensics matters
- Execute hands-on tasks for key insight — covering Volatile data disappears on power-off.
- Execute hands-on tasks for volatile data (ram) — covering Running processes and threads.
- Execute hands-on tasks for non-volatile data (disk) — covering Files and file system metadata.
| Module 01 | Memory Forensics |
| Module 02 | Hardening Workshop |
| Module 03 | Workshop Overview |
| Module 04 | What You Will Learn |
| Module 05 | Memory Acquisition |
| Module 06 | Process Analysis |
| Module 07 | Threat Detection |
| Module 08 | Hardening Integration |
| Module 09 | Why Memory Forensics Matters |
| Module 10 | Key Insight |
| Module 11 | Volatile Data (RAM) |
| Module 12 | Non-Volatile Data (Disk) |
| Module 13 | 4 Running Processes |
| Module 14 | 5 Disk (Temp / Swap) |
All hands-on labs run on Rocheston Rose X OS. Students practice memory forensics hardening workshop by implementing the controls discussed in class, with a focus on real-world deployment, monitoring, and validation.
- Lab 1: Execute hands-on tasks for memory forensics
- Lab 2: Execute hands-on tasks for hardening workshop
- Lab 3: Explain Workshop Overview fundamentals
- Lab 4: Execute hands-on tasks for what you will learn
- Lab 5: Execute hands-on tasks for memory acquisition
Upon successful completion of this course, students will receive an official RCCE Course Completion Certificate for Memory forensics Hardening Workshop, verifiable through the Rocheston certification portal.
- Full access to all course materials and slide decks
- Hands-on lab access on Rocheston Rose X OS environment
- Access to Rocheston CyberNotes
- Access to Rocheston Zelfire — EDR/XDR SIEM platform
- Access to Rocheston Raven — online cyber range exercise platform
- Access to Rocheston Vulnerability Vines AI