[Day 11] Memory Forensics
December 11, 2022
Today's challenge was about volatile memory forensics. Using a tool called 'volatility3', I am able to view an image of active processes in RAM. This analysis is critical in digital forensics because the contents of this type of memory can be lost if a computer is reset or turned off.
volatility3 - https://github.com/volatilityfoundation/volatility3
Flags
What is the Windows version number that the memory image captured?
10
What is the name of the binary/gift that secret Santa left?
mysterygift.exe
What is the Process ID (PID) of this binary?
2040
Dump the contents of this binary. How many files are dumped?
16