TryHackMe: Volatility

Intro:

Obtaining Memory Samples:

  • FTK Imager
  • Redline
  • DumpIt.exe
  • win32dd.exe / win64dd.exe
  • VMware — .vmem file
  • Hyper-V — .bin file
  • Parallels — .mem file
  • VirtualBox — .sav file (this is only a partial memory file; for this hypervisor you'll need to dump memory as you would on a normal bare-metal system)

Examining Our Patient:

Post Actions:

Extra Credit:

CTF-PLAYER, security analyst, Pentesting, vapt, digital forensics

jagadeesh
