We covered an incident response scenario that involved a using memory forensics to investigate the presence of a malware downloaded from email attachments. The scenario involved a memory dump and Volatility tools to perform memory investigation. We listed the processes running, the process tree and uncovered a Powershell process that was invoked after opening the attachment which was in PDF. We extracted strings from the PDF attachments to find the artifacts (the flag). This was part of HackTheBox Reminiscent

Get Computer Forensics Notes

Video Walkthrough

About the Author

Cybersecurity Trainer MS in Cybersecurity Expertise in Healthcare and Finance Industries Penetration tester and compliance auditor

View Articles