This is still (very much) under construction. Although a lot of the information in this section is already available, I haven't finished it yet. So please be patient and come back a little later. THX
The first vague steps in Windows memory forensics after a recent detection of a client machine beaconing to a known malicious IP.
Good sample: discovering a Zeus Trojan, by Javier Nieto