- Create a Linux profile for Ubuntu 18.04 (5.4.0-42-generic) in Volatility
- Use the linux_bash plugin to get the link to the repo and the linux_find_file plugin to recover the filepath
- Decode the keyboard stream data to retrieve the flag
- Extract creation timestamp of a note from Google Keep Notes.
- Finding location, date & time from Slack Messages.
- Extract the number of tasks completed and created from Google Tasks.
- Finding secret code from Google Docs cache.
- Extract first opened timestamp of a Game.
- Extract User ID and Workspace ID of the Slack workspace participating.
- Extract the first & last 3 characters of text from the AnyDesk remote-connected PC’s thumbnail wallpaper.
- Extract the type of filesystem of the USBs connected to the system.
- Extracting the active duration of the Voice Modulator application used, by parsing the Windows Activity timeline.
- Finding default browser and the top visited website.
- Extract timestamp, ID, Hostname of the TeamViewer FileTransfer session.
- Finding Chat application
- Extract unread message count from NTUSER.dat.
- Extract the last executed timestamp of the chat application.
- Extract the Version of the chat application.
- Analysing Google Keep mobile artifacts.
- File recovery from the memory dump
- Environment variables analysis.
- RAR and Zip password cracking.
- Cracking Windows user password hash.
- Extracting the KeePass Master Password from keystrokes in logged data.
- Retrieving the flag from Samba SMB workgroup guest.
- Anonymous login to FTP server.
- Retrieve SSH login username and password from Firefox History
- Decrypt the BitLocker-encrypted drive
- Extracting the flag from a deleted PDF