Memory forensics is a key component of any incident investigation involving endpoints. It can help determine whether an infection did in fact occur, and if so, what type of threat is involved. However, most SOC/IR teams do not fully utilize memory forensics techniques as part of their investigations usually from lack of time or technical know-how. In this talk, we will show you how Intezers endpoint scanner and Volatility plugin analyze live e...