Online Training: Accelerated Windows Memory Dump Analysis

Software Diagnostics Services organizes this online training course.


This training includes 32 step-by-step exercises and covers more than 65 crash dump analysis patterns from x86 and x64 process, kernel, and complete (physical) memory dumps. Learn how to analyze application, service, and system crashes and freezes, navigate through memory dump space, and diagnose heap corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more with the WinDbg debugger. The training uses a unique and innovative pattern-oriented analysis approach developed by Software Diagnostics Institute to speed up the learning curve, and it is based on the latest 5th edition of the bestselling Accelerated Windows Memory Dump Analysis book.

Slides from Days 1-2
Slides from Days 3-4

The difference between this training and the current book version:

  • You can ask questions and even bring your own memory dump files for the optional Day 5
  • Fully containerized
  • Some old exercises are updated for Windows 11
  • New additional exercises are based on Windows 11
  • Certificates and tests

Training outline:

  • Day 1 (2 hours): Overview. Process memory dump analysis.
  • Day 2 (2 hours): Process memory dump analysis.
  • Day 3 (2 hours): Kernel memory dump analysis.
  • Day 4 (2 hours): Complete (physical) memory dump analysis.
  • Day 5 (Optional 2 hours): Additional Q&A and memory dump analysis if necessary. Tests.

Before the training:

  • One day before each training day, you get exercise materials

After the training, you also get:

  • The updated book version (+700 pages)
  • Practical Foundations of Windows Debugging, Disassembling, Reversing PDF book
  • Additional slides and exercise transcripts not included in the book
  • Access to Software Diagnostics Library with more than 370 cross-referenced patterns of memory dump analysis, their classification, and more than 70 case studies
  • Personalized Certificate of Attendance with unique CID
  • Optional Personalized Certificate of Completion with unique CID (after the tests)
  • Answers to questions during training sessions
  • Recording

Note: If you are registered, you may optionally submit your memory dumps before the training. This allows us, in addition to the carefully constructed problems, to tailor extra examples to the needs of the attendees for Day 5.

Prerequisites: Basic Windows troubleshooting

Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers, and quality assurance engineers.

Previous training testimonials:

I would like to thank you and recommend your training. I think that the “Accelerated Windows Memory Dump Analysis” training is pin-point, well-taught training. I think it’s the leading training in the dump analysis area and I’ve enjoyed it, the books and materials are very detailed and well written and Dmitry answered all of the needed questions. In addition, after the training, Dmitry sent a PDF with written answers and more information about the questions that were asked. I will give this training 5/5. Thank you, Dmitry. --Yaniv Miron, Security Researcher, IL.Hack

If you are mainly interested in .NET memory dump analysis, there is another course available:

Accelerated .NET Memory Dump Analysis