Volatility : Task7-11 : TryHackMe : 1.1

  • Published on 30 Sep 2024

Learn how to perform memory forensics with Volatility!
tryhackme.com/...

Questions covered (Tasks 7-11):

  • What is the build version of the host machine in Case 001?
  • At what time was the memory file acquired in Case 001?
  • What process can be considered suspicious in Case 001?
    Note: Certain special characters may not be visible on the provided VM. When doing a copy-and-paste, it will still copy all characters.
  • What is the parent process of the suspicious process in Case 001?
  • What is the PID of the suspicious process in Case 001?
  • What is the parent process PID in Case 001?
  • What user-agent was employed by the adversary in Case 001?
  • Was Chase Bank one of the suspicious bank domains found in Case 001? (Y/N)
  • What suspicious process is running at PID 740 in Case 002?
  • What is the full path of the suspicious binary in PID 740 in Case 002?
  • What is the parent process of PID 740 in Case 002?
  • What is the suspicious parent process PID connected to the decryptor in Case 002?
  • From our current information, what malware is present on the system in Case 002?
  • What DLL is loaded by the decryptor used for socket creation in Case 002?
  • What mutex can be found that is a known indicator of the malware in question in Case 002?
  • What plugin could be used to identify all files loaded from the malware working directory in Case 002?
