Memory Forensics with Volatility


Volatility Forensics

Task 1

volatility -f victim.raw imageinfo
Output of the imageinfo plugin -f victim.raw --profile=Win7SP1x64 pslist -f victim.raw --profile=Win7SP1x64 shellbags
Output of the shellbags plugin

Task 2 -f victim.raw --profile=Win7SP1x64 netscan
Output of the netscan plugin -f victim.raw --profile=Win7SP1x64 malfind
Output of the malfind plugin

IOC SAGA -f victim.raw --profile=Win7SP1x64 memdump -p 1820 --dump-dir=./
Dumped files
Grepping for the URLs
Grepping for the IP -f victim.raw --profile=Win7SP1x64 envars -p 2464
Output of the envars plugin

Passionate about Cyber Security. I am publishing CTF writeups and Cybersec content!