Day 19 — “CrypTOYminers Sing Volala-lala-latility”
The learning objectives for day 19 were:
- Understand what memory forensics is and how to use it in a digital forensics investigation
- Understand what volatile data and memory dumps are
- Learn about Volatility and how it can be used to analyse a memory dump
- Learn about Volatility profiles
In this task we learned to use a forensic command line tool called Volatility, which lets digital forensics and incident response teams analyse a memory dump in order to perform memory analysis. Volatility is written in Python. We created a profile and performed memory analysis; in the process we also learned to use some plugins to find the running process, to extract its binary for examination, and to extract files.