bankingTroubles memory forensics challenge


This lab is made by CyberDefenders.

Lab Scenario

“Company X has contacted you to perform forensics work on a recent incident that occurred. One of their employees had received an e-mail from a co-worker that pointed to a PDF file. Upon opening, the employee did not notice anything; however, they recently had unusual activity in their bank account.

The initial theory is that a user received an e-mail, containing an URL leading to a forged PDF document. Opening that document in Acrobat Reader triggers a malicious Javascript that initiates a sequence of actions to take over the victim’s system.

Company X was able to obtain a memory image of the employee’s virtual machine upon suspected infection and asked you as a security blue team analyst to analyze the virtual memory and provide answers to the questions.”

Downloading the Memory Dump / Running on the Cloud Lab

Please visit the lab official link.

Used Tools


To uncompress the lab (pass:


In this blog, I briefly notified you about a newly released memory forensic challenge.

~ Cya in the Next One

Leave a Reply