Acquiring and analyzing physical memory, as forensics professionals do, is a skill crucial to understanding how an operating system works, or worked during an incident. For hobbyists, working with memory can be useful for troubleshooting and for understanding how certain solutions work. Just as it is crucial to understand operating system internals and security aspects, it is equally critical to understand what's in the operating system's memory. This valuable content contains evidence of user actions, hackers' tasks, malicious code behaviors, and the story of what happened on a system. During this session Paula explains and shows the techniques for memory acquisition, techniques for grabbing the juicy data, and why it is so amazing to find someone's memory dump! This session is really intense but practical at the same time. As always, it is packed with a lot of live demos and stories!
The Windows Driver Kit (WDK) is integrated with Microsoft Visual Studio and Debugging Tools for Windows. This integrated environment gives you the tools you need to develop, build, package, deploy, test, and debug drivers. Microsoft provides a single integrated toolset that supports driver development for all Windows platforms. This session provides an example of how the WDK and Visual Studio make it easy for hardware developers to build quality drivers for all platforms. Topics include: a walkthrough of the development lifecycle using the WDK and Visual Studio; how to create, build, deploy, test, and live debug a driver by using the WDK and Visual Studio; hardware development boards; and an overview of documentation, samples, and templates. Intended audience: OEMs, ODMs, IDHs, IHVs, peripheral manufacturers, driver developers.