
Halloweendows Hang and Crash Analysis!

Only 3 days with 50% discount for PDF version of Windows Crash Dump Analysis Training Pack. Offer expires on the 3rd of November 11:11 pm (GMT). Discount takes effect in your cart.

  • Both x86 and x64 Windows versions
  • 2 training courses
  • 9 PDF books
  • 35 hands-on exercises
  • 120 slides with comments
  • 120 questions and answers
  • 680 pages of training books
  • 3,200 pages of reference materials

This offer includes training courses and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 3rd edition
  2. Advanced Windows Memory Dump Analysis with Data Structures, 2nd edition
  3. Access to Software Diagnostics Library
  4. Memory Dump Analysis Anthology 7 volume set




Certified Software Diagnostics Professional

There are hundreds of individuals and companies who attended our memory dump analysis training sessions or bought training courses directly from us. There are even more who bought them in paperback format from bookstores or read online from content providers.

We now offer a certification in pattern-oriented software diagnostics for software technical support and escalation engineers, software engineers and quality assurance engineers with the following assessment areas:

  • pattern-oriented memory dump analysis
  • pattern-oriented software trace and log analysis

The focus is on unintentional software behaviour, such as that related to crashes, resource consumption (CPU, memory leaks), and hangs. For intentional software behaviour there is the Memory Forensics Professional certification under development. The Windows track tests the ability to recognise patterns using the following analysis tools: WinDbg from Microsoft Debugging Tools for Windows and Process Monitor.

The certification has the following features:

  • Two-factor certification:
    1. The first phase is based on real software execution artefacts, not on questions
    2. The second phase involves questions about analysis results to assess understanding
  • Each certificate has its own verifiable CID (Certificate ID)
  • Each assessment score transcript has its unique PID.TID (Performance ID and Transcript ID)
  • Each candidate gets a set of unique memory dumps and software traces
  • Evaluation by individual and overall exam group performance (when there is a sufficient number of candidates; it may be postponed initially until the right group size is reached)
  • Second free attempt after one month if the applicant does not pass an assessment

How it is done: after payment, we prepare a unique set of memory dumps and software logs together with short problem descriptions. The preparation may take from two days to a week, depending on the number of applicants. Then we send these execution artefacts. There is a week to prepare an analysis report. We then evaluate it and ask additional questions during the next week. Then we send the final score report. We send the certificate only if the applicant recognises 75% of patterns and provides an explanation. The whole certification process may take up to three weeks. An applicant can try again after a month with a new set of memory dumps and traces.

Price: 123 USD (including VAT). The certification cycle starts from the 1st of November.

Study materials: Accelerated Windows Memory Dump Analysis 2nd edition or 3rd edition (base); Accelerated .NET Memory Dump Analysis 1st edition or 2nd edition (optional); Accelerated Windows Software Trace Analysis (optional). “Optional” means that if patterns from optional courses are identified, this may improve the overall score, especially if the base course score is below acceptance.

Certified Memory Forensics Professional

We offer a certification in pattern-oriented memory forensics for digital forensics and incident response professionals, reverse engineers and security researchers with the following assessment areas:

  • pattern-oriented malware detection and analysis
  • pattern-oriented reverse engineering

The focus is on intentional software behaviour, such as that related to malware and rootkits. For unintentional software behaviour there is the Software Diagnostics Professional certification. The Windows track tests the ability to recognise ADDR and malware analysis patterns using the following analysis tool: WinDbg from Microsoft Debugging Tools (future versions of this certification may add other tools). It has the same features and process as the Software Diagnostics Professional certification.

Price: 123 USD (including VAT). The certification cycle starts from the 1st of December.

Study materials: Accelerated Windows Malware Analysis (base); Accelerated Disassembly, Reconstruction and Reversing (optional). “Optional” means that if patterns from optional courses are identified, this may improve the overall score, especially if the base course score is below acceptance. For these courses and additional learning materials we recommend the Windows Memory Forensics Training Pack.

Principles of Memory Dump Analysis: The Collected Seminars

This is a collection of Software Diagnostics Services webinar transcripts about memory dump analysis methodology developed by Software Diagnostics Institute. Includes 6 seminars on physical memory dump analysis, cloud memory dump analysis, patterns, tools, processes and best practices for software trace and memory dump analysis, pattern-oriented software forensics, a pattern language for memory forensics, and mobile software diagnostics.

  • Title: Principles of Memory Dump Analysis: The Collected Seminars
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (September 2014)
  • Language: English
  • Product Dimensions: 28.0 x 21.6
  • PDF: 284 pages
  • ISBN-13: 978-1906717667

When you purchase the PDF book you additionally get free Software Diagnostics Library membership with access to all materials referenced in the book.

Price: 50 USD (including 50% discount from the price of hardcover edition).

Windows Debugging Training Pack

This comprehensive live and postmortem debugging training for software engineers features:

  • Both x86 and x64 Windows versions
  • Managed, unmanaged and native code
  • 3 training courses
  • 10 books (13 in print version)
  • 46 hands-on exercises
  • 170 slides with comments
  • 120 questions and answers
  • 1,000 pages of training books
  • 3,200 pages of reference materials (3,700 in print version)

This offer includes training courses and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 3rd edition
  2. Accelerated .NET Memory Dump Analysis, 2nd edition
  3. Accelerated Windows Debugging³
  4. Access to Software Diagnostics Library
  5. Memory Dump Analysis Anthology 7 volume set (10 volume set in print version)

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Windows Crash Dump Analysis Training Pack

This comprehensive training for software technical support engineers, system administrators, software developers and testers features:

  • Both x86 and x64 Windows versions
  • 2 training courses
  • 9 books (12 in print version)
  • 35 hands-on exercises
  • 120 slides with comments
  • 120 questions and answers
  • 680 pages of training books
  • 3,200 pages of reference materials (3,700 in print version)

This offer includes training courses and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Memory Dump Analysis, 3rd edition
  2. Advanced Windows Memory Dump Analysis with Data Structures, 2nd edition
  3. Access to Software Diagnostics Library
  4. Memory Dump Analysis Anthology 7 volume set (10 volume set in print version)

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Enterprise Windows Software Diagnostics and Debugging Pack

This comprehensive training contains more than 5,500 pages (6,000 in print version) and features:

  • 3 Windows versions (x86, x64, ARM)
  • 8 training courses
  • 19 books (30 in print version)
  • 88 exercises
  • 780 slides
  • 2,350 pages of training books
  • 3,200 pages of reference materials (3,700 in print version)

This offer includes training courses, seminar transcripts, and access to the vast collection of patterns and case studies:

  1. Accelerated Windows Debugging³
  2. Accelerated Windows Memory Dump Analysis, 3rd edition
  3. Accelerated .NET Memory Dump Analysis, 2nd edition
  4. Accelerated Windows Malware Analysis with Memory Dumps
  5. Advanced Windows Memory Dump Analysis with Data Structures, 2nd edition
  6. Accelerated Windows Software Trace Analysis + recording
  7. Accelerated Disassembly, Reconstruction and Reversing
  8. Advanced Windows RT Memory Dump Analysis, ARM Edition
  9. Software Diagnostics: The Collected Seminars (9 seminar books in print version)
  10. Fundamentals of Physical Memory Analysis
  11. The Old New Crash: Cloud Memory Dump Analysis
  12. Pattern-Oriented Software Forensics: A Foundation of Memory Forensics and Forensics of Things
  13. Access to Software Diagnostics Library (up to 5 named users)
  14. Memory Dump Analysis Anthology 7 volume set (10 volume set in print version)

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Windows Memory Forensics Training Pack

This comprehensive native memory forensics training features:

  • 3 Windows versions (x86, x64, ARM)
  • 4 training courses
  • 14 books (17 in print version)
  • 35 exercises
  • 250 slides
  • 1,000 pages of training books
  • 3,200 pages of reference materials (3,700 in print version)

This offer includes training courses, seminar transcripts, and access to the vast collection of memory analysis patterns and case studies:

  1. Advanced Windows Memory Dump Analysis with Data Structures, 2nd edition
  2. Advanced Windows RT Memory Dump Analysis, ARM edition
  3. Accelerated Windows Malware Analysis with Memory Dumps
  4. Accelerated Disassembly, Reconstruction and Reversing
  5. Fundamentals of Physical Memory Analysis
  6. Pattern-Oriented Software Forensics: A Foundation of Memory Forensics and Forensics of Things
  7. Pattern-Oriented Memory Forensics: A Pattern Language Approach
  8. Access to Software Diagnostics Library (up to 5 named users)
  9. Memory Dump Analysis Anthology 7 volume set (10 volume set in print version)

You can buy either in PDF or paperback format with trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Software Diagnostics and Debugging Reference

Memory Dump Analysis Anthology contains revised, edited, cross-referenced, and thematically organized selected articles from Software Diagnostics Institute and Software Diagnostics Library (former Crash Dump Analysis blog) about software diagnostics, debugging, crash dump analysis, software trace and log analysis, malware analysis and memory forensics. Its 7 volumes have more than 3,200 pages and, among many topics, include more than 280 memory analysis patterns (mostly for WinDbg Windows debugger with selected Mac OS X GDB variants), more than 70 WinDbg case studies, and almost 90 general trace and log analysis patterns.


Print version also includes 3 volume supplement with selected anthology articles reprinted in full premium color (more than 500 pages with almost 400 color illustrations).

You can buy either 7 volume PDF set with 30% discount or 10 volume set in paperback format with 50% discount and trackable shipping included (shipped from OpenTask publisher, some restrictions may apply) or both with further discounts:

You also get free access to Software Diagnostics Library.

Note: We are not responsible for any loss or damage caused during shipment and delivery.

Memory Dump Analysis Anthology, Volume 7

We are now distributors of Volume 7 of Memory Dump Analysis Anthology in PDF format:

Complete 7 volume set in PDF format is also available with a discount.

Training Roadmap

The list of currently available training courses: http://www.patterndiagnostics.com/remote-training

Book: Advanced Windows RT Memory Dump Analysis, ARM Edition

The full transcript of Software Diagnostics Services training with 9 step-by-step exercises. Learn how to navigate through memory dump space and Windows data structures to perform memory forensics, troubleshoot and debug complex software incidents. The training uses a unique and innovative pattern-driven analysis approach to speed up the learning curve. It consists of practical step-by-step exercises using WinDbg to diagnose structural and behavioural patterns in Windows RT kernel and complete (physical) memory dumps. Additional topics include memory search, kernel linked list navigation, practical WinDbg scripting, registry, system variables and objects, device drivers and I/O, memory mapped and cached files content.

Prerequisites: Basic and intermediate level Windows memory dump analysis: ability to list processors, processes, threads, modules, apply symbols, and walk through stack traces.

Audience: Software developers, software technical support and escalation engineers, reverse and security research engineers, digital forensic analysts.

  • Title: Advanced Windows RT Memory Dump Analysis, ARM Edition: Training Course Transcript and WinDbg Practice Exercises
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (March 2014)
  • Language: English
  • PDF: 190 pages
  • ISBN-13: 978-1908043733

Table of Contents

Available in PDF format with $50 discount.

Note: Another $50 discount is available for those who previously booked Advanced Windows Memory Dump Analysis training or purchased its book from us. Please use the contact form if you would like to buy the book with a discount.

Accelerated Mac OS X Core Dump Analysis: LLDB Exercises

Warning! Contains only exercises for LLDB debugger.

This is an update for Accelerated Mac OS X Core Dump Analysis: Training Course Transcript and GDB Practice Exercises (ISBN: 978-1908043405) book. In Mac OS X Mavericks GDB was replaced by LLDB debugger. All GDB exercises were reworked and updated for LLDB. The original first edition also contains slide transcripts and selected memory analysis pattern descriptions which are missing in this update. This update contains only LLDB exercises. If you don't have the first edition of this course then Accelerated Mac OS X Core Dump Analysis, Second Edition: Training Course Transcript with GDB and LLDB Practice Exercises (ISBN: 978-1908043719) is recommended instead of this update.

Table of Contents
Review
Amazon Reviews for the previous GDB edition

When you purchase the PDF book you additionally get free Software Diagnostics Library membership.

If you purchased the first edition directly from us or attended corresponding training sessions you can get the second edition for just 50 USD. Please use the contact form if you would like to purchase your book upgrade.

Cyber Space Defence Initiative (Cyber SDI)

One year has passed since we launched Cyber Vostok I into cyber space. After a year of survey we now launch the Cyberspace Defence Initiative. It is based on our Global Software Diagnostics Infrastructure program.

Book: Accelerated Mac OS X Core Dump Analysis, Second Edition

New! Second edition is fully updated for Mac OS X Mavericks LLDB debugger.

The full transcript of Software Diagnostics Services Training with 12 step-by-step exercises.

  • Title: Accelerated Mac OS X Core Dump Analysis, Second Edition: Training Course Transcript with GDB and LLDB Practice Exercises
  • Authors: Dmitry Vostokov, Software Diagnostics Services
  • Publisher: OpenTask (March 2014)
  • Language: English
  • PDF: 406 pages
  • ISBN-13: 978-1908043719

Table of Contents
Slides from the training
Amazon Reviews for the previous edition

When you purchase the PDF book you additionally get 7 volumes of Memory Dump Analysis Anthology in PDF format (retail price $140) and free Software Diagnostics Library membership.

Introducing Narrascope: A Narrative Debugger

We are partnering with Software Diagnostics Institute to develop a new type of debugger and diagnostic tool based on pattern-oriented trace and log analysis and software narratology. Although the purpose of this narrative debugger is to identify common problems and patterns in any narrative form, including generalized narratives composed of memory snapshots, the initial version of Narrascope® is aimed at analyzing diverse narrative artefacts used in digital forensics, software support and maintenance. It will be a part of our Software Diagnostics Workbench and consist of a visual narrative editor and visualizer based on Narrative Presentation Foundation classes, an extendable narrative analyzer framework, and a narrative compiler for the Narralog programming language.

Training: Accelerated Windows Memory Forensics

Forthcoming in March, 2014.

Reading Computer's Mind

Learn how to navigate through memory space and discover forensic artefacts. We use a unique and innovative pattern-driven analysis approach to speed up the learning curve. The training consists of practical step-by-step exercises using Microsoft WinDbg debugger from Debugging Tools for Windows to diagnose structural memory patterns in x86 and x64 physical and process memory dumps. Patterns of memory acquisition are also covered.

The training consists of the following materials:

  1. A full transcript in PDF format (retail price $300)
  2. 7 volumes of Memory Dump Analysis Anthology in PDF format (retail price $140)
  3. Free Software Diagnostics Library membership with access to more than 200 cross-referenced patterns of memory dump analysis, their classification and more than 70 case studies

Level: Beginner/Intermediate

Prerequisites: Working knowledge of Windows. Operating system internals concepts are explained when necessary.

Audience: Security researchers, malware analysts, digital forensics engineers who have never used WinDbg for analysis of computer memory. The course will also be useful for technical support and escalation engineers who analyse memory dumps from complex software environments and need to go deeper in their analysis of abnormal software structure and behaviour.

Once released this training will also become a part of our Windows Memory Forensics Training Pack.

Presentation, Recording and Logs from Fundamentals of Physical Memory Analysis Webinar

Download presentation: FundamentalsPhysicalMemoryAnalysis.pdf

WinDbg log from a complete memory dump: fpma.txt

WinDbg log (scripting both 32-bit and 64-bit stack traces): fpma-full.txt

Presentation session WinDbg log: fpma-session.txt

Recording: http://youtu.be/T06Z7uqWPf4

Complete transcript: Fundamentals of Physical Memory Analysis

Pattern Diagnostics Channel

We created a YouTube channel where we started adding our presentations:

http://www.youtube.com/PatternDiagnostics
