Our great sponsors
-
InfluxDB
Power Real-Time Data Analytics at Scale. Get real-time insights from all types of time series data with InfluxDB. Ingest, query, and analyze billions of data points in real-time with unbounded cardinality.
Volatility Foundation Volatility Framework 2.6 Usage: Volatility - A memory forensics analysis platform. Options: -h, --help list all available options and their default values. Default values may be set in the configuration file (/etc/volatilityrc) --conf-file=/root/.volatilityrc User based configuration file -d, --debug Debug volatility --plugins=PLUGINS Additional plugin directories to use (colon separated) --info Print information about all registered objects --cache-directory=/root/.cache/volatility Directory where cache files are stored --cache Use caching --tz=TZ Sets the (Olson) timezone for displaying timestamps using pytz (if installed) or tzset -f FILENAME, --filename=FILENAME Filename to use when opening an image --profile=WinXPSP2x86 Name of the profile to load (use --info to see a list of supported profiles) -l LOCATION, --location=LOCATION A URN location from which to load an address space -w, --write Enable write support --dtb=DTB DTB Address --shift=SHIFT Mac KASLR shift address --output=text Output in this format (support is module specific, see the Module Output Options below) --output-file=OUTPUT_FILE Write output in this file -v, --verbose Verbose information --physical_shift=PHYSICAL_SHIFT Linux kernel physical shift address --virtual_shift=VIRTUAL_SHIFT Linux kernel virtual shift address -g KDBG, --kdbg=KDBG Specify a KDBG virtual address (Note: for 64-bit Windows 8 and above this is the address of KdCopyDataBlock) ... LABS SET UP This scenario will be using MemLabs cloned from https://github.com/stuxnet999/MemLabs. The labs contain the CTF memory images as referenced earlier.
Related posts
- Platform for training digital forensics
- MemLabs: Learn Memory Forensics through CTF-styled labs
- Best site for memory forensic test
- I saw my definition of a worst case scenario today, all because the client didn't want to spend a little bit of money a couple years ago.
- sidr: Search Index Database Reporter - SIDR ("cider") is a tool designed to parse Windows search artifacts from Windows 10 (and prior) and Windows 11 systems. The tool handles both ESE databases (Windows.edb) and SQLite databases (Windows.db) as input and generates three detailed reports as output.