Memory Dumps Collection – Volume 1
Credit
These samples were shared by various sources, but pinesol93 consolidated them into one repository. Credit goes to the respective creators.
Introduction
To enhance your memory analysis skills, you’ll need access to memory images from devices, typically ones infected with malware. You have two options:
- Create your own samples, which we will cover in a separate post.
- Use pre-existing samples available online (by practicing on cloud labs) or offline (by downloading memory dumps and analyzing them in your own isolated environment).
In this post, we’ll focus on the second option again: using offline samples.
Memory Samples
We reviewed the memory dump links, removed redundant entries (those already mentioned in previous posts), and replaced non-working links with functioning ones. The updated list now only includes currently working links. This reference is a valuable learning resource, and we aim to make this website your go-to platform for learning memory forensics. We excluded the AboutDFIR samples only because there are too many of them; we will put them in a different post.
Note: Please take care when analyzing the memory samples, as they might be from malware-infected devices.
| Source | Memory Dump Profile | Direct Download | Comment |
|---|---|---|---|
| InCTF Internationals 2019 | Windows 7 SP1 x64 | Yes | You can find the writeup for the challenge here |
| Samsclass.info Analyzing a RAM image with Volatility | Windows Server 2008 SP1 x86 | Yes | You can find the writeup for the challenge here |
| WannaCry Memory Analysis | Windows XP SP3 | Yes | You can find the writeup for the challenge here |
| Securinets Quals 2019 – Contact_Me | MacSierra_10_12_6_16G23ax64 | Yes | You can find the writeup for the challenge here. You can also download the needed macOS profile here |
| PSExec.py Activity | Windows Server 2012 | Yes | You can also download the clean sample here, so you can compare the two and learn more. |
| Otter CTF | Windows 7 SP1 x64 | Yes | You can find the writeup for the challenge here |
| GrrCon 2015 | Various samples named target1, target2, pos01 and ex01 | No | You need to get permission to download the images. You can find the writeup for the challenge here |
| Magnet CTF Week 9 – Digging Through Memory | Windows 7 SP1 x64 | Yes | You can find the writeup for the challenge here |
| Houseplant CTF 2020 – Imagery | Windows 10 Build 17763 x64 | Yes | You can find the writeup for the challenge here |
| SDN Forensics Challenge, 2016 | The analyst must determine the profile | Yes | You can find the writeup for the challenge here |
We will try to update this list regularly whenever new samples are added to the repository.
Conclusion
In this post, we briefly introduced some memory dumps that you can download to hone your memory forensics skills.
~ Cya till the Next One