Tags: forensics 

### Conspiracy Nut (Forensic Challenge Writeup) -- Space Heroes CTF 2023

Memory forensics is an essential branch of cyber investigation that lets an investigator detect unauthorized and unusual activity on a computer or server. It relies on special software that takes a snapshot of the system's memory and saves it as a file, also called a memory dump. The investigator can then copy this file to another machine and search it offline.

#### Getting the clues...

We know that the memory dump was taken from the machine of a true believer in conspiracy theories, and that he has withheld "evidence" that we must find.

We need to extract digital artifacts (evidence) from the volatile memory (RAM) image we obtained. For that we will use the volatile memory extraction framework [Volatility3](https://github.com/volatilityfoundation/volatility3).

First, we need to know which operating system the memory dump was taken from; the [windows.info](https://volatility3.readthedocs.io/en/latest/volatility3.plugins.windows.info.html) plugin reports this.
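As an added example (not from the original writeup), a small Python helper that parses the tab-separated Variable/Value table printed by `vol -f memdump.raw windows.info` and derives the facts an analyst needs before picking further plugins: Windows generation, bitness, build number, capture time and CPU count. The sample output and its values are constructed for illustration, and the NT-version map covers only the releases commonly met in CTF dumps.

```python
from typing import Dict

# Constructed sample of windows.info output (values are made up for illustration).
SAMPLE_OUTPUT = """\
Volatility 3 Framework 2.4.1
Progress:  100.00\t\tPDB scanning finished
Variable\tValue

Kernel Base\t0xf80002a5c000
DTB\t0x187000
Is64Bit\tTrue
IsPAE\tFalse
layer_name\t0 WindowsIntel32e
memory_layer\t1 FileLayer
Major/Minor\t15.7601
MachineType\t34404
KeNumberProcessors\t2
SystemTime\t2023-03-04 12:34:56
NtSystemRoot\tC:\\Windows
NtProductType\tNtProductWinNt
NtMajorVersion\t6
NtMinorVersion\t1
"""

# NT major/minor -> marketing name, limited to releases commonly seen in CTF images.
NT_VERSIONS = {
    ("5", "1"): "Windows XP",
    ("6", "1"): "Windows 7 / Server 2008 R2",
    ("6", "3"): "Windows 8.1 / Server 2012 R2",
    ("10", "0"): "Windows 10/11 / Server 2016+",
}

def parse_windows_info(text: str) -> Dict[str, str]:
    """Turn the Variable/Value table into a dict, skipping banner and header lines."""
    info: Dict[str, str] = {}
    for line in text.splitlines():
        if "\t" not in line or line.startswith(("Volatility", "Progress", "Variable")):
            continue
        key, _, value = line.partition("\t")
        info[key.strip()] = value.strip()
    return info

def summarize(info: Dict[str, str]) -> Dict[str, object]:
    """Derive the profile facts that decide which plugins and symbols apply next."""
    nt = (info.get("NtMajorVersion", "?"), info.get("NtMinorVersion", "?"))
    return {
        "os": NT_VERSIONS.get(nt, f"NT {nt[0]}.{nt[1]}"),
        "arch": "x64" if info.get("Is64Bit") == "True" else "x86",
        "build": info.get("Major/Minor", "").split(".")[-1],  # "15.7601" -> "7601"
        "system_time": info.get("SystemTime"),
        "cpus": int(info.get("KeNumberProcessors", "0")),
    }

if __name__ == "__main__":
    print(summarize(parse_windows_info(SAMPLE_OUTPUT)))
```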

##### You can find the original post [here](https://leonuz.github.io/blog/conspiracy-nut/)
