Ermittlung - InCTF Internationals 2021
g4rud4 | 2021-08-16 | Forensics / Memory
tl;dr
- Finding Chat application
- Extract unread message count from NTUSER.dat.
- Extract the last executed timestamp of the chat application.
- Extract the version of the chat application.
Tags: InCTFi, Volatility, Windows Memory Analysis

KarDi Bee X - Securinets Quals 2021
g4rud4 | 2021-03-22 | Forensics / Memory
tl;dr
- File recovery from the memory dump
- Environment variables analysis.
- RAR and Zip password cracking.
- Cracking Windows user password hash.
- Extracting KeePass Master Password from keystrokes of logged data.
Tags: Volatility, Windows Memory Analysis, Securinets Quals

Investigation Continues - InCTF Internationals 2020
stuxn3t | 2020-08-04 | Forensics / Memory
tl;dr
- Extract Invalid Login timestamp from the Windows registry.
- Extract the timestamp of when a JPEG was opened.
- Extract Google Chrome's last run time which was pinned to taskbar from Windows registry.
Tags: InCTFi, Volatility, Windows Memory Analysis, Windows Registry

Investigation - InCTF Internationals 2020
stuxn3t | 2020-08-04 | Forensics / Memory
tl;dr
- Extract process last run time from the Windows registry.
- Extract process run count from the Windows registry.
Tags: InCTFi, Volatility, Windows Memory Analysis, Windows Registry

Notch It Up - InCTF Internationals 2019
stuxn3t | 2019-09-24 | Forensics / Memory
tl;dr
- Chrome history analysis
- File recovery from the memory dump
- Raw analysis of email content
- Environment variables analysis
- RAR password cracking
- Corrupted file analysis
Tags: InCTFi, Volatility, Windows Memory Analysis

Just Do It - InCTF Internationals 2019
stuxn3t | 2019-09-24 | Forensics / Memory
tl;dr
- Master File Table Analysis
- Deleted file data recovery
Tags: InCTFi, Volatility, Windows Memory Analysis