Tags: forensics volatility 

Rating:

Use volatility to check processes, IE/cmdline history and MD5 the result to get the flag.

Full video walkthrough: https://www.youtube.com/watch?v=deg0CQwwN-M&t=2153s

Original writeup (https://www.youtube.com/watch?v=deg0CQwwN-M&t=2153s).