Skip to main content

Mark's Events

Find out about recent and upcoming Sysinternals-related events and appearances by Mark Russinovich. If you have a question about any of these events, please visit the Sysinternals Forum for answers and help from other users and our moderators.

Updated: April 16, 2012

Upcoming Events

None at this time.

Recent Events

Black Hat USA 2011

Workshop: Zero Day Malware Cleaning with the Sysinternals Tools | Session Slides

August 3-4, 2011
Black Hat USA
Las Vegas, NV

Learn how to analyze and clean zero day malware using the Sysinternals tools directly from their author, including Process Monitor, Process Explorer, and Autoruns. By enabling deep inspection and control of processes, file system and registry activity, and autostart execution points, these utilities are useful for everything from day-to-day computer maintenance to advanced system and application troubleshooting. The tools are especially effective for malware analysis and cleaning - so much so that malware commonly tries to prevent their execution. Mark focuses on the features useful for malware hunting, demonstrates their capabilities by presenting real-world cases of the tools being used to identify and clean malware, and concludes with a live analysis of the infamous Stuxnet virus.

Tech-Ed North America 2011

WCL405 | Mysteries of Memory Management Revealed, with Mark Russinovich (Part 1 of 2)
Breakout Session | 400 - Expert | Windows Client
Wednesday, May 18 | 1:30 PM - 2:45 PM
If you want to know the difference between System Committed memory and Process Committed memory, wondered what all those memory numbers shown by Task Manager really mean, or want to gain insight into the memory-related impact of a process, then this talk is for you. Using various memory analysis tools including: Process Explorer, VMMap, RAMMap, and others to highlight concepts throughout, the presentation starts with an overview of virtual memory management, describing types of process address space memory and how they impact system virtual memory. Then it dives into physical memory management, discussing how Windows manages process working sets, how it keeps track of physical memory, and how memory moves between different states.

WCL406 | Mysteries of Memory Management Revealed, with Mark Russinovich (Part 2 of 2)
Breakout Session | 400 - Expert | Windows Client
Wednesday, May 18 | 3:15 PM - 4:30 PM
If you want to know the difference between System Committed memory and Process Committed memory, wondered what all those memory numbers shown by Task Manager really mean, or want to gain insight into the memory-related impact of a process, then this talk is for you. Using various memory analysis tools including: Process Explorer, VMMap, RAMMap, and others to highlight concepts throughout, the presentation starts with an overview of virtual memory management, describing types of process address space memory and how they impact system virtual memory. Then it dives into physical memory management, discussing how Windows manages process working sets, how it keeps track of physical memory, and how memory moves between different states.

COS301 | Inside Windows Azure, the Cloud Operating System with Mark Russinovich
Breakout Session | 300 - Advanced | Cloud Computing & Online Services
Thursday, May 19 | 10:15 AM - 11:30 AM
Join Mark Russinovich, now working on Azure, for an under-the-hood tour of the internals of Microsoft’s new cloud OS. Topics include datacenter architecture, cloud OS architecture, and what goes on behind the scenes when you deploy a service, a machine fails or comes online and a role fails.

WCL304 | Case of the Unexplained 2011: Windows Troubleshooting with Mark Russinovich
Breakout Session | 300 - Advanced | Windows Client
Thursday, May 19 | 2:45 PM - 4:00 PM
Come hear Mark Russinovich, the master of Windows troubleshooting, walk you through step-by-step how he has solved seemingly unsolvable system and application problems on Windows. With all-new real case studies, Mark shows how to apply the Microsoft Debugging Tools and his own Sysinternals tools, including Process Explorer and Process Monitor, to solve system crashes, process hangs, security vulnerabilities, DLL conflicts, permissions problems, registry misconfiguration, network hangs and file system issues. These tools are used on a daily basis by Microsoft Product Support and have been used effectively to solve a wide variety of desktop and server issues, so being familiar with their operation and application will assist you in dealing with different problems on Windows.