Critical Room Challenge
Credit
This lab is made by TryHackMe team.
Lab Scenario
“Our user ‘Hattori’ has reported strange behavior on his computer and realized that some PDF files have been encrypted, including a critical document to the company named important_document.pdf. He decided to report it; since it was suspected that some credentials might have been stolen, the DFIR team has been involved and has captured some evidence. Join the team to investigate and learn how to get information from a memory dump in a practical scenario.”
Difficulty Level
Easy
Downloading the Memory Dump / Running on the Cloud Lab
Attention: the sample you are about to download includes malicious files and malware samples. To protect your system, analyze it on a completely isolated virtual machine if you are not using the cloud lab.
Please visit the lab's official link to analyze the memory dump on the cloud.
Used Tools
Instructions
- Just start the machine to access the memory dump file.
- The lab is FREE at the time of writing this post.
- This lab is designed for beginners to get more familiar with some of the most important Windows plugins of Volatility 3, such as pstree, mftscan, filescan, memmap, netstat, etc.
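The plugins listed above are the ones an analyst would run first against a dump like this one. The following triage script is an added example, not part of the lab or of this post; it assumes Volatility 3 is installed with its `vol` entry point on PATH and that the dump path and an output directory are passed as arguments. Each plugin's CSV output lands in its own file so it can be grepped later (for the encrypted PDF names, for instance), and memmap is wrapped separately because it needs a PID and an output directory for the dumped pages. A DRY_RUN mode prints the command lines instead of running them.

```shell
#!/bin/sh
# Constructed Volatility 3 triage helper (example code, not from the lab).
# Assumes the `vol` CLI from volatility3 is on PATH; override with VOL=...

VOL=${VOL:-vol}

# Plugins named in the post, in a sensible order: processes, network,
# file objects, then MFT records (file names survive here even after deletion).
PLUGINS="windows.pstree windows.netstat windows.filescan windows.mftscan.MFTScan"

# Build the command line for one text-output plugin (CSV renderer).
# $1 = dump path, $2 = plugin name
vol_cmd() {
    printf '%s -f %s -r csv %s\n' "$VOL" "$1" "$2"
}

# Build the command line that dumps a process's memory pages with memmap.
# $1 = dump path, $2 = PID, $3 = output directory (-o is where dumps are written)
memmap_cmd() {
    printf '%s -f %s -o %s windows.memmap --pid %s --dump\n' "$VOL" "$1" "$3" "$2"
}

# Run every plugin in PLUGINS against the dump, one output file per plugin.
# Returns 1 if the dump does not exist; a failing plugin is reported but
# does not stop the remaining ones. DRY_RUN=1 prints commands instead.
run_triage() {
    dump=$1
    outdir=$2
    [ -f "$dump" ] || { echo "dump not found: $dump" >&2; return 1; }
    mkdir -p "$outdir"
    for p in $PLUGINS; do
        if [ "${DRY_RUN:-0}" = 1 ]; then
            vol_cmd "$dump" "$p"
        else
            "$VOL" -f "$dump" -r csv "$p" > "$outdir/$p.csv" 2> "$outdir/$p.err" \
                || echo "plugin $p failed, see $outdir/$p.err" >&2
        fi
    done
}

# Usage: sh triage.sh /path/to/memdump.mem ./triage-out
if [ $# -ge 2 ]; then
    run_triage "$1" "$2"
fi
```

After the run, a quick look at `windows.filescan.csv` and `windows.mftscan.MFTScan.csv` for `.pdf` entries, and at `windows.netstat.csv` for connections owned by the suspicious process from pstree, is the usual starting point before dumping that process with `memmap_cmd`.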
Conclusion
In this blog post, we briefly notified you about a newly released memory forensics challenge.
Cya till the Next One ~ Hoxed