During the incident response process, memory can be one of the sexiest places to look for information. We will identify specific structures and their data members that can help further an investigation and see how that fits into the bigger picture. We will also look at how and why those structures are created, whether it is a function of the operating system or the by-product of malware.
Brett Cunningham has primarily worked as a network defender and incident responser. He is active in the community, often providing support for Snorby and Sguil users.