Training: Advanced Software Trace and Log Analysis

Improve your Diagnostic Expertise with Pattern-Oriented Diagnostic Thinking.

Since the introduction of the Accelerated Windows Software Trace Analysis course 3 years ago, the number of trace and log analysis patterns has doubled. This pattern language has also been applied to the analysis of malware narratives and network trace analysis. We now introduce a general diagnostic training that covers more than 120 trace and log analysis patterns developed to date by Software Diagnostics Institute. To see what this training looks like, please check the slides from the similar past Accelerated Windows Software Trace Analysis training, which covers only approx. 60 trace and log analysis patterns. The new training also covers the pattern content of the previous Accelerated training and is independent of it.

The training consists of 4 one-hour sessions (1 hour every day). When you finish the training you additionally get:

  1. A full transcript in PDF format (retail price $100)
  2. Software Trace and Log Analysis: A Pattern Reference PDF book (retail price $20)
  3. A personalized attendance certificate with unique CID (PDF format)
  4. Free Software Diagnostics Library membership with access to more than 120 cross-referenced patterns of trace and log analysis and much more

Prerequisites: Basic software troubleshooting using logs.

Audience: Software technical support and escalation engineers, system administrators, security researchers, network forensics analysts, software maintenance engineers, and all interested in software diagnostics.

Price: 100 USD

To accommodate different time zones we scheduled two separate trainings with identical content:

Training 1 schedule:

Mon, Mar 14, 2016 8:00 AM - 9:00 AM GMT
Tue, Mar 15, 2016 8:00 AM - 9:00 AM GMT
Wed, Mar 16, 2016 8:00 AM - 9:00 AM GMT
Thu, Mar 17, 2016 8:00 AM - 9:00 AM GMT

Registration: https://attendee.gototraining.com/r/557309831074539522

Training 2 schedule:

Mon, Mar 21, 2016 8:00 PM - 9:00 PM GMT
Tue, Mar 22, 2016 8:00 PM - 9:00 PM GMT
Wed, Mar 23, 2016 8:00 PM - 9:00 PM GMT
Thu, Mar 24, 2016 8:00 PM - 9:00 PM GMT

Registration: https://attendee.gototraining.com/r/2466114793451859458

If you are mainly interested in Windows memory dump analysis there is another scheduled training available in early March:

Accelerated Windows Memory Dump Analysis

If you are mainly interested in Mac OS X or Linux core dump analysis, there are other courses available:

Accelerated Mac OS X Core Dump Analysis

Accelerated Linux Core Dump Analysis

Windows Software Diagnostics Training Pack

This is a light version of Enterprise Windows Software Diagnostics and Debugging Pack. It contains only training courses for Windows crash and hang memory dump analysis and software log analysis: the core of Windows software technical support.

The pack features:

  • Both x86 and x64 Windows versions
  • Both kernel and user memory spaces
  • Both managed, unmanaged, and native code
  • 4 training courses
  • 4 seminar transcripts
  • 20 books (22 in print version)
  • 50 hands-on exercises
  • 360 slides with comments
  • 130 questions and answers
  • 1,070 pages of training books
  • 4,700 pages of reference materials (5,100 in print version)

This offer includes seminar transcripts, training courses, pattern encyclopedias, and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 3rd edition
  2. Advanced Windows Memory Dump Analysis with Data Structures, 2nd edition
  3. Accelerated .NET Memory Dump Analysis, 2nd edition
  4. Accelerated Windows Software Trace Analysis
  5. Memory Dump Analysis Anthology 8-volume set (12-volume set in print version), Encyclopedia of Crash Dump Analysis Patterns, and Software Trace and Log Analysis: A Pattern Reference
  6. Practical Foundations of Windows Debugging, Disassembling, Reversing PDF book
  7. Software Trace and Memory Dump Analysis: Patterns, Tools, Processes and Best Practices
  8. Pattern-Driven Software Diagnostics: An Introduction
  9. Pattern-Based Software Diagnostics: An Introduction
  10. Systemic Software Diagnostics: An Introduction
  11. Access to Software Diagnostics Library

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Training Roadmap

The list of currently available training courses: http://www.patterndiagnostics.com/remote-training

Training: Accelerated Windows Memory Dump Analysis

We resume our flagship training course with the new version 4!

Learn how to analyze application, service and system crashes and freezes, navigate through memory dump space and diagnose heap corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. We use a unique and innovative pattern-oriented analysis approach to speed up the learning curve. The training consists of more than 25 practical step-by-step exercises using WinDbg highlighting more than 50 patterns diagnosed in 32-bit and 64-bit process, kernel and complete memory dumps.

This new training version is updated for Windows 10 and WinDbg 10.0.10240.9. It also includes memory analysis patterns introduced since the previous training versions, additional coverage of blue screen bugchecks, and memory acquisition patterns.

Public preview (selected slides) of the previous training

If you are registered, you may optionally submit your memory dumps before and during the training. This allows us, in addition to the carefully constructed problems, to tailor extra examples to the needs of the attendees.

The training consists of 5 two-hour sessions (2 hours every day). When you finish the training you additionally get:

  1. A full transcript in PDF format with more than 100 questions and answers (retail price $300)
  2. The previous version of the training in PDF format
  3. 8 volumes of Memory Dump Analysis Anthology in PDF format (retail price $160)
  4. Practical Foundations of Windows Debugging, Disassembling, Reversing PDF book (retail price $20)
  5. A personalized attendance certificate with unique CID (PDF format)
  6. Free Software Diagnostics Library membership with access to more than 300 cross-referenced patterns of memory dump analysis, their classification, and more than 70 case studies

Prerequisites: Basic Windows troubleshooting

Audience: Software technical support and escalation engineers, system administrators, security researchers, reverse engineers, malware and memory forensics analysts, software developers and quality assurance engineers

Price: 300 USD

To accommodate different time zones we scheduled two separate trainings with identical content:

Training 1 schedule:

Mon, Feb 29, 2016 7:00 AM - 9:00 AM GMT
Tue, Mar 1, 2016 7:00 AM - 9:00 AM GMT
Wed, Mar 2, 2016 7:00 AM - 9:00 AM GMT
Thu, Mar 3, 2016 7:00 AM - 9:00 AM GMT
Fri, Mar 4, 2016 7:00 AM - 9:00 AM GMT

Registration: https://attendee.gototraining.com/r/6588279543087655426

Training 2 schedule:

Mon, Mar 7, 2016 7:00 PM - 9:00 PM GMT
Tue, Mar 8, 2016 7:00 PM - 9:00 PM GMT
Wed, Mar 9, 2016 7:00 PM - 9:00 PM GMT
Thu, Mar 10, 2016 7:00 PM - 9:00 PM GMT
Fri, Mar 11, 2016 7:00 PM - 9:00 PM GMT

Registration: https://attendee.gototraining.com/r/882565161372177154

If you are not able to attend the training, the previous version is available in PDF book format with a $50 discount.

Training testimonials:

I would like to thank you and recommend your training. I think that the “Accelerated Windows Memory Dump Analysis” training is a pin-point, well taught training. I think it’s the leading training in the dump analysis area and I’ve enjoyed it, the books and materials are very detailed and well written and Dmitry answered all of the needed questions. In addition after the training Dmitry sent a PDF with written answers and more information about the questions that were asked. I will give this training 5/5. Thank you Dmitry. --Yaniv Miron, Security Researcher, IL.Hack

If you are mainly interested in .NET memory dump analysis there is another course available:

Accelerated .NET Memory Dump Analysis

If you are mainly interested in Mac OS X or Linux core dump analysis, there are other courses available:

Accelerated Mac OS X Core Dump Analysis

Accelerated Linux Core Dump Analysis

.NET Memory Dump Analysis Training Pack

One of the real life .NET service hang postmortem debugging scenarios: a process memory dump shows multiple threads (CLR Thread memory analysis pattern) waiting for a critical section (Wait Chain memory analysis pattern) in unmanaged user space. We identify the critical section owner thread and possible module (Top Module memory analysis pattern). But from a complete memory dump, we are able to find that the owner thread was waiting for a kernel synchronization object owned by a different CLR thread that was also waiting for the same critical section (Deadlock memory analysis pattern).

This is why it is beneficial for a .NET developer in addition to .NET managed space to know the unmanaged process, kernel and complete memory space analysis patterns for efficient diagnostics and postmortem debugging. The comprehensive .NET Memory Dump Analysis Training Pack covers all such spaces using WinDbg from Debugging Tools for Windows:

The pack features:

  • Both x86 and x64 Windows versions
  • Both kernel and user memory spaces
  • Both managed, unmanaged, and native code
  • 2 training courses
  • 11 books (14 in print version)
  • 35 hands-on exercises
  • 100 slides with comments
  • 120 questions and answers
  • 750 pages of training books
  • 3,500 pages of reference materials (3,900 in print version)

This offer includes training courses and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 3rd edition
  2. Accelerated .NET Memory Dump Analysis, 2nd edition
  3. Access to Software Diagnostics Library

The pack also includes Practical Foundations of Windows Debugging, Disassembling, Reversing PDF book.

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Unix Memory Dump Analysis Training Pack

Learn how to analyze application crashes and freezes, navigate through process memory dump space and diagnose corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains and much more. We use a unique and innovative pattern-oriented analysis approach to speed up the learning curve. The training pack consists of practical step-by-step exercises using GDB and LLDB debuggers highlighting dozens of memory analysis patterns diagnosed in 64-bit process memory dumps from Mac OS X and Linux platforms. The training pack also includes source code for modeling applications and a catalogue of relevant patterns from Software Diagnostics Institute.

This comprehensive training pack for software technical support engineers, system administrators, DevOps, software developers and testers features:

  • 2 platforms (x64 Mac OS X, x64 Linux)
  • 2 debuggers (GDB and LLDB)
  • 2 training courses
  • 11 books
  • 37 hands-on exercises
  • 90 slides with comments
  • 630 pages of training books
  • 3,500 pages of reference materials (3,900 in print version)

This offer includes training courses and access to the vast collection of patterns and case studies:

  1. Accelerated Mac OS X Core Dump Analysis, 2nd edition
  2. Accelerated Linux Core Dump Analysis (currently only in PDF version)
  3. Access to Software Diagnostics Library
  4. Memory Dump Analysis Anthology 8-volume set (12-book set in print version)

Purchase

Book: Accelerated Linux Core Dump Analysis

The full transcript of Software Diagnostics Services training with 13 step-by-step exercises.

Learn how to analyse Linux process crashes and hangs, navigate through process core memory dump space and diagnose corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains, and much more. We use a unique and innovative pattern-oriented diagnostic analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using GDB debugger highlighting more than 25 memory analysis patterns diagnosed in 64-bit process core memory dumps. The training also includes source code of modelling applications, a catalogue of relevant patterns from Software Diagnostics Institute, and an overview of relevant similarities and differences between Windows and Linux user space memory dump analysis useful for engineers with Wintel background.

  • Title: Accelerated Linux Core Dump Analysis: Training Course Transcript with GDB Practice Exercises
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (December 2015)
  • Language: English
  • PDF: 228 pages
  • ISBN-13: 978-1908043979

Slides from the training
Table of Contents

When you purchase the PDF book you additionally get free named Software Diagnostics Library membership. There is an option to buy 8 volumes of Memory Dump Analysis Anthology in PDF format (retail price $160) together with the course.

Purchase

PatternSight Training Platform

We combine our pattern-oriented training courses, training packs, reference materials, and training tools (such as Patterns debugger extension) into a unified PatternSight Training Platform™ that covers software construction (software architecture, design, and implementation), software post-construction (software diagnostics and debugging), and software deconstruction (reversing).

Memory Dump Analysis Anthology Volume Set

We resume our sale of revised Memory Dump Analysis Anthology Volume Set in PDF format. If you are interested in the reference set that includes two additional encyclopedias or in the printed version please check our Software Diagnostics and Debugging Reference.

Purchase

You also get free access to Software Diagnostics Library.

Patterns Debugger Extension DLL

We are happy to release the first version of a WinDbg (X64) extension to facilitate learning the memory analysis pattern language developed by Software Diagnostics Institute and used in our training courses.

The current standard version 1.0 can be downloaded from here.

Here is a usage example:

0:000> .load patterns

0:000> !help
Patterns Debugger Extension DLL (Version 1.0.0.0 [std]). Copyright © 2015 Software Diagnostics Services. All rights reserved.

Commands:
lst - Shows the current list of memory analysis pattern categories
lst category - Shows the current list of memory analysis patterns for the specified category
sdl abbreviation - Opens a pattern description from Software Diagnostics Library
chk - Shows the current memory analysis checklist categories
chk category - Shows the current memory analysis checklist for the specified category
eula - Shows license terms

0:000> !lst
Memory Analysis Pattern Categories:

Hooksware Patterns [H]
Wait Chain Patterns [W]
DLL Link Patterns [L]
Memory Consumption Patterns [M]
Dynamic Memory Corruption Patterns [C]
Deadlock and Livelock Patterns [D]
Contention Patterns [N]
Stack Overflow Patterns [O]
.NET / CLR / Managed Space Patterns [.]
Stack Trace Patterns [S]
Symbol Patterns [Y]
Exception Patterns [E]
Meta-Memory Dump Patterns [-]
Module Patterns [!]
Optimization Patterns [I]
Thread Patterns [T]
Process Patterns [P]
Executive Resource Patterns [X]
Falsity and Coincidence Patterns [F]
RPC, LPC and ALPC Patterns [R]
Malware Analysis Patterns [@]

0:000> !lst S
Stack Trace Patterns:

Stack Trace [STRA]
Stack Trace Collection (unmanaged space) [STCU]
Special Stack Trace [SSTR]
Exception Stack Trace [ESTR]
Dual Stack Trace [DSTR]
Truncated Stack Trace [TSTR]
Managed Stack Trace [MSTR]
Incorrect Stack Trace [ISTR]
Stack Trace Set [STSE]
Stack Trace Collection (managed space) [STCM]
Stack Trace Collection (predicate) [STCP]
Empty Stack Trace [EMST]
Stack Trace Collection (I/O requests) [STCI]
Stack Trace Change [STCH]
First Fault Stack Trace [FFST]
Critical Stack Trace [CSTR]
RIP Stack Trace [RSTR]
Glued Stack Trace [GSTR]
Rough Stack Trace [ROST]
Past Stack Trace [PSTR]
Stack Trace (I/O request) [STIO]
Stack Trace (file system filters) [STFS]
Stack Trace (database) [STDB]
Variable Subtrace [VSUB]
Technology-Specific Subtrace (COM interface invocation) [TSCI]
Technology-Specific Subtrace (dynamic memory) [TSDM]
Technology-Specific Subtrace (JIT .NET code) [TSJN]
Technology-Specific Subtrace (COM client call) [TSCC]
Internal Stack Trace [INST]
Stack Trace Collection (CPUs) [STCC]
Stack Trace Surface [STSU]
Hidden Stack Trace [HSTR]

The patterns are shown in the order they originally appeared in Memory Dump Analysis Anthology volumes. The four-character codes for the !sdl command are for the pro version, which will be released soon for users of Software Diagnostics Library.

The extension also shows the Windows Memory Analysis Checklist via the !chk command.

Book: Practical Foundations of Windows Debugging, Disassembling, Reversing

This training course is a combined and reformatted version of the two previous books Windows Debugging: Practical Foundations and x64 Windows Debugging: Practical Foundations. The new format makes it easy to switch between and compare x86 and x64 versions. The book also has a larger format similar to other training courses, punctuation and code highlighting improvements, the output and screenshots from the latest WinDbg 10, and consistently uses WinDbg (X86) for 32-bit examples and WinDbg (X64) for 64-bit examples.

The book contains two separate sets of chapters and corresponding illustrations. They are named Chapter x86.NN and Chapter x64.NN respectively. There is some repetition of content due to the shared nature of x64 and x86 platforms. Both sets of chapters can be read independently. We included x86 chapters because many Windows applications are still 32-bit and executed in 32-bit compatibility mode on x64 Windows systems.

This introductory training course can complement the more advanced course Accelerated Disassembly, Reconstruction and Reversing.

  • Title: Practical Foundations of Windows Debugging, Disassembling, Reversing: Training Course
  • Authors: Dmitry Vostokov, Software Diagnostics Institute
  • Publisher: OpenTask (October 2015)
  • Language: English
  • PDF: 350 pages
  • ISBN-13: 978-978-1908043948

Table of Contents

Purchase

We are now the authorized training provider!

We are appointed by Software Diagnostics Institute as the authorized training provider for pattern-oriented software diagnostics and associated subfields: http://www.dumpanalysis.org/authorized-training-providers

Software Diagnostics and Debugging Reference

New! Includes Encyclopedia of Pattern-Oriented Software Diagnostics.

Memory Dump Analysis Anthology contains revised, edited, cross-referenced, and thematically organized selected articles from Software Diagnostics Institute and Software Diagnostics Library (former Crash Dump Analysis blog) about software diagnostics, debugging, crash dump analysis, software trace and log analysis, malware analysis and memory forensics. Its 8 volumes in 9 books have more than 3,500 pages and, among many topics, include more than 300 memory analysis patterns (mostly for WinDbg Windows debugger with selected Mac OS X GDB variants), more than 70 WinDbg case studies, and more than 100 general trace and log analysis patterns.

8 volumes in 9 books are now in the 2nd revision!

Tables of Contents and Indexes of WinDbg Commands from all volumes

The print version also includes 3-volume supplement with selected anthology articles reprinted in full premium color (more than 500 pages with almost 400 color illustrations).

You can buy either the 8-volume PDF set plus 2 Encyclopedia books with 40% discount or 12-volume set plus 2 Encyclopedia books in paperback format with 60% discount and trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

If you are only interested in Memory Dump Analysis Anthology volume set in PDF format please use this link.

Purchase

You also get free access to Software Diagnostics Library.

Note: We are not responsible for any loss or damage during shipment and delivery.

Memory Dump Analysis Anthology, Volume 8b

We are now distributors of Volume 8b of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 8-volume set in PDF format is also available with a discount.

Recorded Training Sessions

New! Historical video recordings of past training sessions corresponding to the following courses are now available:

Accelerated Windows Memory Dump Analysis, 3rd edition (8 hours)

Accelerated Windows Debugging³ (4 hours)

Accelerated .NET Memory Dump Analysis, 2nd edition (4 hours)

Accelerated Disassembly, Reconstruction and Reversing (4 hours)

Accelerated Windows Malware Analysis with Memory Dumps (4 hours)

The price of each set of recordings is 99 USD and they can be purchased independently of the corresponding training courses and training packs. Download links are sent in 24-48 hours after the purchase. When you purchase you also get free named Software Diagnostics Library membership with access to more than 300 cross-referenced patterns of memory dump analysis, their classification, and more than 70 case studies.

Purchase

Memory Dump Analysis Anthology, Volume 5

We are now distributors of Volume 5 of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 8-volume set in PDF format is also available with a discount.

Memory Dump Analysis Anthology, Volume 4

We are now distributors of Volume 4 of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 8-volume set in PDF format is also available with a discount.

Platform-Independent Crash Dump Analysis Training Pack

New! Now includes Practical Foundations of Windows Debugging, Disassembling, Reversing PDF book.

Learn how to analyze application crashes and freezes, navigate through process memory dump space and diagnose corruption, memory leaks, CPU spikes, blocked threads, deadlocks, wait chains and much more. We use a unique and innovative platform-independent pattern-oriented analysis approach to speed up the learning curve. The training pack consists of practical step-by-step exercises using popular debuggers WinDbg, GDB, and LLDB highlighting dozens of memory analysis patterns diagnosed in 64-bit process memory dumps from Windows, Mac OS X and Linux platforms. The training pack also includes source code for modeling applications, a catalogue of relevant patterns from Software Diagnostics Institute, an overview of relevant similarities and differences between Windows, Mac OS X and Linux user space memory dump analysis, and Windows kernel and physical memory space analysis exercises necessary for learning pattern diagnosis of complex application and service inter-process communication problems.

This comprehensive training pack for software technical support engineers, system administrators, DevOps, software developers and testers features:

  • 3 platforms (x86/x64 Windows, x64 Mac OS X, x64 Linux)
  • 3 debuggers (WinDbg, GDB, LLDB)
  • 3 training courses
  • 12 books (14 in print version)
  • 65 hands-on exercises
  • 170 slides with comments
  • 100 questions and answers
  • 1,120 pages of training books
  • 3,500 pages of reference materials (3,900 in print version)

This offer includes training courses and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 3rd edition
  2. Accelerated Mac OS X Core Dump Analysis, 2nd edition
  3. Accelerated Linux Core Dump Analysis (currently only in PDF version)
  4. Access to Software Diagnostics Library
  5. Memory Dump Analysis Anthology 8-volume set (11-volume set in print version)

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Purchase

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Memory Dump Analysis Anthology, Volume 3

We are now distributors of Volume 3 of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 8-volume set in PDF format is also available with a discount.

Memory Dump Analysis Anthology, Volume 2

We are now distributors of Volume 2 of Memory Dump Analysis Anthology in PDF format:

Purchase

Complete 8-volume set in PDF format is also available with a discount.
