[Day 11] Memory Forensics

December 11, 2022

Today's challenge was about volatile memory forensics. Using a tool called 'volatility3' I was able to examine a memory image and see the processes that were active in RAM when it was captured. This analysis is critical in digital forensics because the contents of volatile memory are lost as soon as a computer is reset or turned off.

volatility3 - https://github.com/volatilityfoundation/volatility3
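As an added example (not part of the original post or the volatility3 project), the script below parses the tab-separated table that volatility3 prints for a plugin such as `windows.pslist`, looks up a process by image name to get its PID, and walks the PPID links back to the root so an analyst can see what launched it. The sample output is constructed to mirror the shape of real pslist output; the function names and the process list are assumptions, not values from the challenge image.

```python
"""Parse volatility3 text output (tab-separated table) and locate a process.

The sample output below is constructed to mirror the shape of
`vol -f image.vmem windows.pslist` output; it is not from the challenge image.
"""
from typing import Dict, List, Optional

SAMPLE_PSLIST = """\
Volatility 3 Framework 2.4.1
Progress:  100.00\t\tPDB scanning finished
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime\tExitTime\tFile output

4\t0\tSystem\t0xe0001f2d5040\t123\t-\tN/A\tFalse\t2022-11-23 10:00:00.000000 \tN/A\tDisabled
372\t4\tsmss.exe\t0xe00021bd2040\t2\t-\tN/A\tFalse\t2022-11-23 10:00:01.000000 \tN/A\tDisabled
3216\t372\texplorer.exe\t0xe00024e31080\t40\t-\t1\tFalse\t2022-11-23 10:01:10.000000 \tN/A\tDisabled
2040\t3216\tmysterygift.exe\t0xe0002a78c080\t3\t-\t1\tFalse\t2022-11-23 10:05:44.000000 \tN/A\tDisabled
"""


def parse_vol3_table(text: str) -> List[Dict[str, str]]:
    """Return one dict per row, keyed by the column names in the header line.
    The framework banner and 'Progress:' lines that volatility3 prints before
    the table are skipped, as are blank lines."""
    rows: List[Dict[str, str]] = []
    header: Optional[List[str]] = None
    for line in text.splitlines():
        if not line.strip() or line.startswith("Volatility 3") or line.startswith("Progress:"):
            continue
        fields = [f.strip() for f in line.split("\t")]
        if header is None:
            header = fields  # first non-skipped line is the column header
            continue
        rows.append(dict(zip(header, fields)))
    return rows


def find_pid(rows: List[Dict[str, str]], image_name: str) -> Optional[int]:
    """PID of the first process whose ImageFileName matches (case-insensitive)."""
    for row in rows:
        if row["ImageFileName"].lower() == image_name.lower():
            return int(row["PID"])
    return None


def parent_chain(rows: List[Dict[str, str]], pid: int) -> List[str]:
    """Image names from the given PID up to the root, following PPID links."""
    by_pid = {int(r["PID"]): r for r in rows}
    chain: List[str] = []
    while pid in by_pid:
        chain.append(by_pid[pid]["ImageFileName"])
        pid = int(by_pid[pid]["PPID"])
    return chain
```

To use it on a real capture, save the plugin output to a file and pass its contents to `parse_vol3_table`; the same parser works for other table-style plugins such as `windows.pstree` once their column names are used as keys.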

Flags

What is the Windows version number that the memory image captured?

10

What is the name of the binary/gift that secret Santa left?

mysterygift.exe

What is the Process ID (PID) of this binary?

2040

Dump the contents of this binary. How many files are dumped?

16
