Cyber Security - Self Study guides , notes

Memory analysis

In memory forensics challenges , i basically get a memory dump , and I have to find flag from them

Volatility is the best tool to find the flags.

Installation

Volatility2
Volatility3
autoVolatility

Volatility2 and volatility3 takes arguments in different ways. In volatility2 you have to provide `-profile` for each time to tell the os of the dump . In volatility3 you have to provide os_name.plugin `-f` is used to provide dump file to the scripts

Volatility2 plugins	Volatility3 plugins	Description
imageinfo	x	Identify information for the image
pslist	WML.pslist.PsList	Lists the processes present in a particular memory image.
psscan	WL.psscan.PsScan	Scans for processes present in a particular memory image.
pstree	WML.pstree.PsTree	Plugin for listing processes in a tree based on their parent process ID.

Prev Next

CAPA: The Basics01/02/25 ctf → thm → capa-the-basics

SQLMap: The Basics31/01/25 ctf → thm → sqlmap-the-basics

SQL Fundamentals31/01/25 ctf → thm → sql-fundamentals

Powershell30/01/25 programming → powershell