Online Training: Accelerated Windows Memory Dump Analysis


New dates/times TBD

This training includes 32 step-by-step exercises and covers more than 65 crash dump analysis patterns from x86 and x64 process, kernel, and complete (physical) memory dumps. Learn how to analyze application, service, and system crashes and freezes, navigate through memory dump space, and diagnose heap corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more with the WinDbg debugger. The training uses a unique and innovative pattern-oriented analysis approach developed by Software Diagnostics Institute to speed up the learning curve, and it is based on the latest 5th revised edition of the bestselling Accelerated Windows Memory Dump Analysis book.

Slides from Days 1-3
Slides from Days 4-6

The difference between this training and the current book version:

  • You can ask questions and even bring your own memory dump files for the optional Day 6
  • New additional exercises are based on Windows 11
  • Certificates and tests

Training outline:

  • Day 1 (2 hours): Overview. Process memory dump analysis.
  • Day 2 (2 hours): Process memory dump analysis.
  • Day 3 (2 hours): Process memory dump analysis.
  • Day 4 (2 hours): Kernel memory dump analysis.
  • Day 5 (2 hours): Complete (physical) memory dump analysis.
  • Day 6 (Optional 2 hours): Additional Q&A and memory dump analysis if necessary. Tests.

Before the training, you get:

  • Practical Foundations of Windows Debugging, Disassembling, Reversing, Second Edition PDF book (+300 pages)
  • The current PDF book version (+700 pages)
  • The previous training recording
  • Access to Software Diagnostics Library with more than 370 cross-referenced patterns of memory dump analysis, their classification, and more than 70 case studies
  • On some days before training sessions, you also get new exercise materials not included in the current book version

After the training, you also get:

  • The updated PDF book version (+800 pages)
  • Additional slides and updated exercise transcripts not included in the book
  • Personalized Certificate of Attendance with unique CID
  • Optional Personalized Certificate of Completion with unique CID (after the tests)
  • Answers to questions during training sessions
  • Current training sessions recording

Note: If you are registered, you may optionally submit your memory dumps before the training. This allows us, in addition to the carefully constructed problems, to tailor extra examples to the needs of the attendees for Day 6.

Prerequisites: Basic Windows troubleshooting

Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers, and quality assurance engineers.

Previous training testimonials: I would like to thank you and recommend your training. I think that the “Accelerated Windows Memory Dump Analysis” training is pin-point, well-taught training. I think it’s the leading training in the dump analysis area and I’ve enjoyed it, the books and materials are very detailed and well written and Dmitry answered all of the needed questions. In addition after the training, Dmitry sent a PDF with written answers and more information about the questions that were asked. I will give this training 5/5. Thank you, Dmitry. --Yaniv Miron, Security Researcher, IL.Hack

If you are mainly interested in .NET memory dump analysis, there is another forthcoming training: Accelerated .NET Core Memory Dump Analysis

If you are interested in Linux memory dump analysis, there is another forthcoming training: Accelerated Linux Core Dump Analysis