We covered an incident response scenario that involved a using memory forensics to investigate the presence of a malware downloaded from email attachments. The scenario involved a memory dump and Volatility tools to perform memory investigation. We listed the processes running, the process tree and uncovered a Powershell process that was invoked after opening the attachment which was in PDF. We extracted strings from the PDF attachments to find the artifacts (the flag). This was part of HackTheBox Reminiscent

Get Computer Forensics Notes

Video Walkthrough

About the Author

I create cybersecurity notes, digital marketing notes and online courses. I also provide digital marketing consulting including but not limited to SEO, Google & Meta ads and CRM administration.

View Articles