Link: https://blueteamlabs.online/home/investigation/100
Scenario Description
Eric was new to computer science and his goal was to become a software developer. As part of that goal he started learning C programming on a Linux machine, but unfortunately he executed malicious code, which led to his credentials being compromised. Eric took his infected laptop to his cybersecurity professor, who helped him with remediation. The professor captured a RAM image and obtained Eric's consent to teach this incident as a case study to the university students.
The RAM dump and the Linux profile were kept on the Desktop.
Unlock your Linux memory analysis skills to help the professor prepare a good training lab for his students.
Note: If you feel something is not working in the lab, it might really not be working, or you may need to figure out how to make it work.
Conclusion
It was my first time using Volatility with Linux, and it was mostly straightforward. There were a few instances where I tried to dump files and kept getting blank / null-byte-filled files. Eventually, just looking at the file manually helped reveal some answers!
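A dumped file that comes back full of null bytes usually means the pages were not resident in the captured image, so the dump is not worth opening in a hex editor. The following shell helper is an added example (not part of the lab or the write-up above) that measures the null-byte ratio of a dump before trusting it and, as a fallback, pulls out printable strings the way you would when reading the file manually. File names, the 90% threshold and the sample contents in the test are constructed placeholders, not artefacts from the lab image.

```sh
#!/bin/sh
# Added example: sanity-check files dumped from a Linux RAM image with Volatility
# before spending time on them. A dump that is (almost) entirely null bytes was
# not recovered from the image; fall back to printable-string extraction instead.

# Percentage of null bytes in a file, as an integer 0-100.
null_percent() {
    total=$(wc -c < "$1" | tr -d ' ')
    # An empty dump is treated as 100% null: nothing usable was recovered.
    [ "$total" -gt 0 ] || { echo 100; return; }
    nonnull=$(tr -d '\000' < "$1" | wc -c | tr -d ' ')
    echo $(( (total - nonnull) * 100 / total ))
}

# Exit 0 if the dump is usable, 1 if its null-byte share is at or above the
# threshold (second argument, default 90%; an assumed cut-off, tune to taste).
dump_usable() {
    pct=$(null_percent "$1")
    [ "$pct" -lt "${2:-90}" ]
}

# Print runs of printable characters of at least N chars (default 8), i.e. the
# strings you would look for when inspecting the dump "manually".
printable_strings() {
    tr -c '[:print:]' '\n' < "$1" | awk -v n="${2:-8}" 'length($0) >= n'
}

# Usage: ./check_dump.sh dumped_file [dumped_file ...]
if [ "$#" -gt 0 ]; then
    for f; do
        if dump_usable "$f"; then
            echo "$f: $(null_percent "$f")% null, usable"
        else
            echo "$f: $(null_percent "$f")% null, not recovered; strings only:"
            printable_strings "$f"
        fi
    done
fi
```

Run it over the output directory of a Volatility dump plugin; anything reported as "not recovered" is better re-dumped from a different address range or simply grepped for strings than opened byte by byte.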