Tags: forensics
Rating:
Memory forensics is an essential type of cyber investigation that lets an investigator detect unauthorized and unusual activity on a computer or server. It relies on special software that takes a snapshot of the system's memory (RAM) and saves it as a file, called a memory dump. The investigator can then copy this file to an analysis machine and search it without touching the original system.
We know that the memory dump was taken from the machine of a true believer in conspiracy theories, and that he has hidden "evidence" that we must find.
We need to extract digital artifacts (evidence) from the volatile memory (RAM) image we were given. For that we will use the memory forensics framework Volatility 3.
First, we need to identify which operating system the dump was taken from. Volatility 3's windows.info plugin reports this (kernel base, DTB, symbol table, architecture and NT version) once it has found a matching symbol table for the image.
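A small triage helper, added here as an example and not part of the original writeup, shows how to turn the two-column output of `windows.info` (as produced by `python3 vol.py -f memdump.mem windows.info`) into a summary of the target OS. The sample output embedded below is constructed to mirror the plugin's format for a Windows 7 SP1 x64 image; the version and architecture tables are standard Windows constants, and the file name `vol_info.py` is assumed.

```python
"""Parse Volatility 3 `windows.info` output and summarise the target OS.

Assumed usage:  python3 vol.py -f memdump.mem windows.info | python3 vol_info.py
"""
import sys

# Constructed sample in the style of `windows.info` (Variable<TAB>Value rows).
SAMPLE = """Volatility 3 Framework 2.5.0
Variable\tValue

Kernel Base\t0xf80002a5c000
DTB\t0x187000
Symbols\tfile:///opt/volatility3/symbols/windows/ntkrnlmp.pdb/EXAMPLE-1.json.xz
Is64Bit\tTrue
IsPAE\tFalse
layer_name\t0 WindowsIntel32e
memory_layer\t1 FileLayer
KdVersionBlock\t0xf80002c3a0a0
Major/Minor\t15.7601
MachineType\t34404
KeNumberProcessors\t1
SystemTime\t2022-01-01 12:00:00
NtSystemRoot\tC:\\Windows
NtProductType\tNtProductWinNt
NtMajorVersion\t6
NtMinorVersion\t1
PE MajorOperatingSystemVersion\t6
PE MinorOperatingSystemVersion\t1
PE Machine\t34404
"""

# IMAGE_FILE_MACHINE_* values as printed (decimal) in the MachineType row.
MACHINE_TYPES = {0x14C: "I386", 0x8664: "AMD64", 0xAA64: "ARM64"}

# NT major.minor -> marketing name (workstation / server share a kernel version).
WINDOWS_VERSIONS = {
    (5, 1): "Windows XP",
    (5, 2): "Windows XP x64 / Server 2003",
    (6, 0): "Windows Vista / Server 2008",
    (6, 1): "Windows 7 / Server 2008 R2",
    (6, 2): "Windows 8 / Server 2012",
    (6, 3): "Windows 8.1 / Server 2012 R2",
    (10, 0): "Windows 10/11 / Server 2016+",
}

PRODUCT_TYPES = {
    "NtProductWinNt": "workstation",
    "NtProductLanManNt": "domain controller",
    "NtProductServer": "server",
}


def parse_windows_info(text):
    """Return {variable: value} from windows.info output, skipping banner/header."""
    info = {}
    for line in text.splitlines():
        if "\t" not in line:          # banner, progress or blank lines
            continue
        key, _, value = line.partition("\t")
        if key == "Variable":         # column header
            continue
        info[key.strip()] = value.strip()
    return info


def summarise(info):
    """Derive architecture, version and build, and flag inconsistent rows."""
    warnings = []
    machine = int(info.get("MachineType", "0"))
    arch = MACHINE_TYPES.get(machine, "unknown(0x%x)" % machine)
    is64 = info.get("Is64Bit") == "True"
    if is64 != (arch in ("AMD64", "ARM64")):
        warnings.append("Is64Bit disagrees with MachineType")

    major = int(info.get("NtMajorVersion", "0"))
    minor = int(info.get("NtMinorVersion", "0"))
    version = WINDOWS_VERSIONS.get((major, minor), "unknown NT %d.%d" % (major, minor))

    # PE header version of the kernel image should match the NT version.
    pe_major = int(info.get("PE MajorOperatingSystemVersion", major))
    pe_minor = int(info.get("PE MinorOperatingSystemVersion", minor))
    if (pe_major, pe_minor) != (major, minor):
        warnings.append("kernel PE version disagrees with NtMajor/MinorVersion")

    # "Major/Minor" is <kernel major>.<build number>, e.g. 15.7601.
    build = None
    mm = info.get("Major/Minor", "")
    if "." in mm:
        build = int(mm.split(".", 1)[1])

    return {
        "arch": arch,
        "is64": is64,
        "version": version,
        "build": build,
        "product": PRODUCT_TYPES.get(info.get("NtProductType", ""), "unknown"),
        "symbols": info.get("Symbols"),
        "warnings": warnings,
    }


if __name__ == "__main__":
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    for k, v in summarise(parse_windows_info(data)).items():
        print("%-9s %s" % (k + ":", v))
```

Run with the plugin's output piped in, or without input to see the constructed sample. The two consistency checks matter in practice: a 64-bit flag that contradicts the machine type, or a kernel PE version that differs from the NT version, usually means Volatility picked the wrong symbol table or the dump is corrupted, and every later plugin result would be suspect.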