Memory Forensics with Volatility

Description

Volatility Forensics

Task 1

volatility -f victim.raw imageinfo
[Image: Output of the imageinfo plugin]
vol.py -f victim.raw --profile=Win7SP1x64 pslist
vol.py -f victim.raw --profile=Win7SP1x64 shellbags
[Image: Output of the shellbags plugin]

Task 2

vol.py -f victim.raw --profile=Win7SP1x64 netscan
[Image: Output of the netscan plugin]
vol.py -f victim.raw --profile=Win7SP1x64 malfind
[Image: Output of the malfind plugin]

IOC SAGA

vol.py -f victim.raw --profile=Win7SP1x64 memdump -p 1820 --dump-dir=./
[Image: Dumped files]
[Image: Grepping for the URLs]
[Image: Grepping for the IP]
vol.py -f victim.raw --profile=Win7SP1x64 envars -p 2464
[Image: Output of the envars plugin]
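The two grep steps above (pulling the URLs and the IP out of the process dump that memdump wrote) as an added shell example, not code from the writeup. It works on any file, so it is run here against a small constructed dump rather than the real 1820.dmp; the string-extraction helper, the octet validation and the private-range filter that separates local addresses from a likely external contact are all my own choices, not part of the original.

```shell
#!/bin/sh
# Added example: carve URL and IPv4 indicators out of a process memory dump
# such as the ones `memdump -p <pid> --dump-dir=./` writes. Not from the writeup.
# Uses only POSIX tools (tr, grep, awk, sort), so it runs without Volatility.
export LC_ALL=C   # byte-wise [:print:] and stable sort order

# Poor man's `strings`: every run of non-printable bytes becomes a newline,
# and runs shorter than 4 printable characters are dropped (strings' default).
dump_strings() {
    tr -c '[:print:]' '\n' < "$1" | grep -E '^.{4,}$'
}

# URLs: http(s)://... up to the first whitespace, quote or angle bracket.
extract_urls() {
    dump_strings "$1" | grep -Eo 'https?://[^[:space:]"<>]+' | sort -u
}

# IPv4 candidates (four dotted numbers, not embedded in a longer token),
# then keep only those whose octets are all in 0-255.
extract_ips() {
    dump_strings "$1" \
      | grep -Eow '([0-9]{1,3}\.){3}[0-9]{1,3}' \
      | awk -F. '$1<=255 && $2<=255 && $3<=255 && $4<=255' \
      | sort -u
}

# Drop loopback and RFC1918 ranges; what remains is worth checking as a
# possible C2 or download host (assumption: the analyst wants external hosts).
external_ips() {
    extract_ips "$1" | awk -F. '
        $1==127 { next }
        $1==10  { next }
        $1==172 && $2>=16 && $2<=31 { next }
        $1==192 && $2==168 { next }
        { print }'
}

# Constructed sample dump: a fake PE header, two URLs, a local IP, an external
# IP with port, and a bogus "999.1.1.1" version string that must be rejected.
SAMPLE_DUMP="${TMPDIR:-/tmp}/ioc_sample_$$.dmp"
printf 'MZ\220\000\003\000\000junkGET http://evil.example/update.php HTTP/1.1\000\000Host: 10.0.2.15\000connect to 203.0.113.7:443\000\000version 999.1.1.1\000https://cdn.example/a.js"next\000xy\000' \
    > "$SAMPLE_DUMP"

echo "URLs:";         extract_urls "$SAMPLE_DUMP"
echo "IPv4:";         extract_ips  "$SAMPLE_DUMP"
echo "External IPv4:"; external_ips "$SAMPLE_DUMP"
```

Run it as `sh ioc_carve.sh`; to use it on a real dump, call `extract_urls 1820.dmp` and `external_ips 1820.dmp` instead of the constructed sample. Expect false positives from version strings and library paths, which is why the octet check and the private-range filter are there; anything that survives still needs to be confirmed against the netscan output before it is reported as an IOC.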
