
Book: Advanced Windows RT Memory Dump Analysis, ARM Edition

The full transcript of Software Diagnostics Services training with 9 step-by-step exercises. Learn how to navigate through memory dump space and Windows data structures to perform memory forensics, troubleshoot and debug complex software incidents. The training uses a unique and innovative pattern-driven analysis approach to speed up the learning curve. It consists of practical step-by-step exercises using WinDbg to diagnose structural and behavioural patterns in Windows RT kernel and complete (physical) memory dumps. Additional topics include memory search, kernel linked list navigation, practical WinDbg scripting, registry, system variables and objects, device drivers and I/O, memory mapped and cached files content.

Prerequisites: Basic and intermediate level Windows memory dump analysis: ability to list processors, processes, threads, modules, apply symbols, and walk through stack traces.

Audience: Software developers, software technical support and escalation engineers, reverse and security research engineers, digital forensic analysts.

  • Title: Advanced Windows RT Memory Dump Analysis, ARM Edition: Training Course Transcript and WinDbg Practice Exercises
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (March 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 190 pages
  • ISBN-13: 978-1908043733

Table of Contents

Available in PDF format with $50 discount.

When you purchase the book you additionally get free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies.





Note: Another $50 discount is available for those who previously booked Advanced Windows Memory Dump Analysis training or purchased its book. Please use the contact form if you would like to buy the book with a discount.

Accelerated Mac OS X Core Dump Analysis: LLDB Exercises

Warning! Contains only exercises for LLDB debugger.

This is an update for Accelerated Mac OS X Core Dump Analysis: Training Course Transcript and GDB Practice Exercises (ISBN: 978-1908043405) book. In Mac OS X Mavericks GDB was replaced by LLDB debugger. All GDB exercises were reworked and updated for LLDB. The original first edition also contains slide transcripts and selected memory analysis pattern descriptions which are missing in this update. This update contains only LLDB exercises. If you don't have the first edition of this course then Accelerated Mac OS X Core Dump Analysis, Second Edition: Training Course Transcript with GDB and LLDB Practice Exercises (ISBN: 978-1908043719) is recommended instead of this update.

  • Title: Accelerated Mac OS X Core Dump Analysis: LLDB Exercises
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (March 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 146 pages
  • ISBN-13: 978-1908043726

Table of Contents
Amazon Reviews for the previous GDB edition

When you purchase the book you additionally get free Software Diagnostics Library membership.

If you purchased the first edition directly from us or attended corresponding training sessions you can get the second edition for just 50 USD. Please use the contact form if you would like to purchase your book upgrade.





Cyber Space Defence Initiative (Cyber SDI)

One year has passed since we launched Cyber Vostok I into cyber space. After a year of survey we now launch the Cyberspace Defence Initiative. It is based on our Global Software Diagnostics Infrastructure program.

Book: Accelerated Mac OS X Core Dump Analysis, Second Edition

New! Second edition is fully updated for Mac OS X Mavericks LLDB debugger.

The full transcript of Software Diagnostics Services Training with 12 step-by-step exercises.

  • Title: Accelerated Mac OS X Core Dump Analysis, Second Edition: Training Course Transcript with GDB and LLDB Practice Exercises
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (March 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 406 pages
  • ISBN-13: 978-1908043719

Table of Contents
Amazon Reviews for the previous edition

When you purchase the book you additionally get 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120) and free Software Diagnostics Library membership.





Introducing Narrascope: A Narrative Debugger

We are partnering with Software Diagnostics Institute to develop a new type of debugger and diagnostic tool based on pattern-oriented trace and log analysis and software narratology. Although the purpose of this narrative debugger is to identify common problems and patterns in any narrative form, including generalized narratives composed of memory snapshots, the initial version of Narrascope® is aimed at analyzing diverse narrative artefacts used in digital forensics, software support and maintenance. It will be a part of our Software Diagnostics Workbench and consist of a visual narrative editor and visualizer based on Narrative Presentation Foundation classes, an extendable narrative analyzer framework, and a narrative compiler for the Narralog programming language.

Training: Accelerated Windows Memory Forensics

Forthcoming in March, 2014.

Reading Computer's Mind

Learn how to navigate through memory space and discover forensic artefacts. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using Microsoft WinDbg debugger from Debugging Tools for Windows to diagnose structural memory patterns in x86 and x64 physical and process memory dumps. Patterns of memory acquisition are also covered.

The training consists of the following materials:

  1. A full transcript in PDF format (retail price $300)
  2. 7 volumes of Memory Dump Analysis Anthology in PDF format (retail price $140)
  3. Free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies

Level: Beginner/Intermediate

Prerequisites: Working knowledge of Windows. Operating system internals concepts are explained when necessary.

Audience: Security researchers, malware analysts, digital forensics engineers who have never used WinDbg for analysis of computer memory. The course will also be useful for technical support and escalation engineers who analyse memory dumps from complex software environments and need to go deeper in their analysis of abnormal software structure and behaviour.

Once released this training will also become a part of our Windows Memory Forensics Training Pack.

Presentation, Recording and Logs from Fundamentals of Physical Memory Analysis Webinar

Download presentation: FundamentalsPhysicalMemoryAnalysis.pdf

WinDbg log from a complete memory dump: fpma.txt

WinDbg log (scripting both 32-bit and 64-bit stack traces): fpma-full.txt

Presentation session WinDbg log: fpma-session.txt

Recording: http://youtu.be/T06Z7uqWPf4

Complete transcript: Fundamentals of Physical Memory Analysis

Pattern Diagnostics Channel

We created a YouTube channel where we started adding our presentations:

http://www.youtube.com/PatternDiagnostics

Software Prognostics

We set up and registered an operating subsidiary called Software Prognostics. It will develop the approach originally called Zero Fault Software Diagnostics.

Book: Advanced Windows Memory Dump Analysis with Data Structures, Second Edition

New! In the 2nd edition all exercises were updated for the latest WinDbg version from Windows SDK 8.1.

The full transcript of Software Diagnostics Services Training with 10 step-by-step exercises, notes, and selected Q&A.

  • Title: Advanced Windows Memory Dump Analysis with Data Structures: Training Course Transcript and WinDbg Practice Exercises with Notes, Second Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (December 2013)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 198 pages
  • ISBN-13: 978-0955832888

Table of Contents

When you purchase the book you additionally get 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120) and free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies.





Note: 40% discount is available for those who previously booked Accelerated Windows Memory Dump Analysis training or purchased its book. Please use the contact form if you would like to buy the book with a discount.

Windows Memory Forensics Training Pack

This comprehensive training features:

  • 3 Windows versions (x86, x64, ARM)
  • 4 training courses
  • 12 books
  • 35 exercises
  • 220 slides
  • 900 pages of training books
  • 2,700 pages of reference materials

This offer includes training courses in PDF format, seminar transcripts, and access to the vast collection of memory analysis patterns and case studies:

  1. Advanced Windows Memory Dump Analysis with Data Structures, 2nd edition
  2. Advanced Windows RT Memory Dump Analysis, ARM edition
  3. Accelerated Windows Malware Analysis with Memory Dumps
  4. Accelerated Disassembly, Reconstruction and Reversing
  5. Fundamentals of Physical Memory Analysis
  6. Pattern-Oriented Software Forensics: A Foundation of Memory Forensics and Forensics of Things
  7. Access to Software Diagnostics Library (up to 5 named users)
  8. Memory Dump Analysis Anthology 6 volume set

Price: 499 USD





Book Upgrades

If you purchased PDF books directly from us or attended corresponding training sessions you can get the subsequent editions at great discounts.

Currently we offer:

Please use the contact form if you would like to purchase your book(s) upgrade.

Book: Accelerated Windows Memory Dump Analysis, Third Edition

New! In the 3rd edition all previous exercises were updated for the latest WinDbg version from Windows SDK 8.1. Two new exercises with Windows 7 and Windows 8.1 memory dumps were added covering additional patterns.

The full transcript of Software Diagnostics Services Training with 25 step-by-step exercises, notes, source code of specially created modeling applications and more than 100 questions and answers. Covers more than 50 crash dump analysis patterns from x86 and x64 process, kernel and complete memory dumps.

  • Title: Accelerated Windows Memory Dump Analysis: Training Course Transcript and WinDbg Practice Exercises with Notes, Third Edition
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (November 2013)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 490 pages
  • ISBN-13: 978-0955832826

Table of Contents

When you purchase the PDF book you additionally get 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120) and free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies.





Training: Advanced Windows Memory Dump Analysis with Data Structures

Now updated for WinDbg 6.3.9600.16384

Learn how to navigate through memory dump space and Windows data structures to troubleshoot and debug complex software incidents. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using WinDbg to diagnose structural and behavioral patterns in 64-bit kernel and complete memory dumps. Additional topics include memory search, kernel linked list navigation, practical WinDbg scripting, registry, system variables and objects, device drivers and I/O.

Public preview (selected slides) of the previous training

The training consists of 2 two-hour sessions. When you finish the training you additionally get:

  1. A full transcript in PDF format (retail price $300)
  2. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
  3. A personalized attendance certificate with unique CID (PDF format)
  4. Free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies

Prerequisites: Basic and intermediate level Windows memory dump analysis: ability to list processors, processes, threads, modules, apply symbols, walk through stack traces and raw stack data, diagnose patterns such as heap corruption, CPU spike, memory and handle leaks, access violation, stack overflow, critical section and resource wait chains and deadlocks. If you don't feel comfortable with the prerequisites, we recommend taking the Accelerated Windows Memory Dump Analysis training (or purchasing the corresponding book) before attending this course.

Audience: Software developers, security professionals, software technical support and escalation engineers.


At this time available only in a PDF book format with $100 discount.

Training: Deep Down C++

Learn internals of C++ implementation on x64 Windows platforms. Improve your memory thinking and understanding of C++ coding standards. We use a unique and innovative memory cell diagram approach to speed up the learning curve. The training consists of practical step-by-step hands-on exercises using WinDbg and memory dumps. The author of this course has solid experience in debugging very large C++ code bases, in the development of static code analysis tools for C++ and in C++ and STL semantics.

The training consists of 2 two-hour sessions. When you finish the training you additionally get:

  1. A full transcript in PDF format (retail price $300)
  2. 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120)
  3. A personalized attendance certificate with unique CID (PDF format)
  4. Free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies

Level: Intermediate/Advanced

Prerequisites: Working knowledge of C++. Operating system internals and assembly language concepts are explained when necessary.

Audience: Software engineers designing, developing and debugging software using C++. The course will also be useful for technical support and escalation engineers who analyse memory dumps from complex software environments and need to go deeper in their analysis of abnormal software structure and behaviour.

The PDF training book is to be published in 2014.

Note: 40% discount is available for those who previously booked Accelerated Disassembly, Reconstruction and Reversing training or purchased its book.

Book: Accelerated Disassembly, Reconstruction and Reversing

The full transcript of Software Diagnostics Services Training with 6 step-by-step exercises, notes, source code of specially created modeling applications, memory cell diagrams and selected Q&A. Covers more than 25 ADDR patterns.

  • Title: Accelerated Disassembly, Reconstruction and Reversing: Training Course Transcript and WinDbg Practice Exercises with Memory Cell Diagrams
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (November 2013)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Paperback: 180 pages
  • ISBN-13: 978-1908043672

Table of Contents

When you purchase the book you additionally get 6 volumes of Memory Dump Analysis Anthology in PDF format (retail price $120) and free Software Diagnostics Library membership with access to 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies.





Note: 40% discount is available for those who previously booked Accelerated Windows Memory Dump Analysis training or purchased its book. Please use the contact form if you would like to buy the book with a discount.

LogOS - Log OS - LoggingOS

We begin work on a new type of operating system in which tracing and memory dumping for software diagnostics purposes are the main part of the OS architecture, built in from the ground up. An additional feature is a trace and log pattern-oriented analysis platform for other operating systems.

Presentation and Recording of Mobile Software Diagnostics Webinar

The presentation from Webinar (17th of September, 2013) is available for download: MobileSoftwareDiagnostics.pdf

The recording is available for viewing: http://youtu.be/OuK0tTkDR0Q

Complete transcript: Mobile Software Diagnostics: An Introduction

Software Diagnostics: The Collected Seminars

This is a collection of Software Diagnostics Services webinar transcripts about pattern-oriented software diagnostics developed by Software Diagnostics Institute. Includes 9 seminars on pattern-driven software problem solving, software narratology, pattern-driven software diagnostics, systemic software diagnostics, pattern-based software diagnostics, philosophy of software diagnostics, victimware, malware narratives and pattern-oriented network trace analysis.

  • Title: Software Diagnostics: The Collected Seminars
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (September 2013)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • Hardback: 302 pages
  • ISBN-13: 978-1908043641

When you purchase the PDF book you additionally get free Software Diagnostics Library membership with access to all materials referenced in the book.

Price: 50 USD (including 50% discount from the price of hardcover edition).




