TryHackMe Critical challenge memory forensics

Credit

This lab is made by TryHackMe team.

Lab Scenario

“Our user ‘Hattori’ has reported strange behavior on his computer and realized that some PDF files have been encrypted, including a critical document to the company named important_document.pdf. He decided to report it; since it was suspected that some credentials might have been stolen, the DFIR team has been involved and has captured some evidence. Join the team to investigate and learn how to get information from a memory dump in a practical scenario.”

Difficulty Level

Easy

Downloading the Memory Dump / Running on the Cloud Lab

Please visit the lab's official link to analyze the memory dump in the cloud environment.

Used Tools

Instructions

  • Just start the machine to access the memory dump file.
  • The lab is FREE at the time of writing this post.
  • This lab is designed for beginners to get more familiar with some of the most important Windows plugins of Volatility 3, such as pstree, mftscan, filescan, memmap, netstat, etc.

Conclusion

In this blog post, we briefly introduced a newly released memory forensics challenge.

Cya till the Next One ~ Hoxed