tl;dr

• Finding Chat application
• Extract unread message count from NTUSER.dat.
• Extract the last executed timestamp of the chat application.
• Extract the Version of the chat application.

tl;dr

• File recovery from the memory dump
• Environment variables analysis.
• RAR and Zip password cracking.
• Cracking Windows user password hash.
• Extracting Keepass Master Password from keystrokes of logged data.

tl;dr

• Extract keylogger script from the memory dump.
• Extract the master key from the packet capture.
• Reverse the script to get the flag.

tl;dr

• Extract Invalid Login timestamp from the windows registry.
• Extract the timestamp of when a JPEG was opened.
• Extract Google Chrome’s last run time which was pinned to taskbar from windows registry.

tl;dr

• Extract process last run time from the windows registry.
• Extract process run count from the windows registry.

tl;dr

• Memory dump analysis using Volatility.
• Extracting Keepass Master Password from the memory.
• Extracting flag from ZIP archive attached in the Keepass database.

tl;dr

• Chrome history analysis
• File recovery from the memory dump
• Raw analysis of email content
• Environment variables analysis
• RAR password cracking
• Corrupted file analysis

tl;dr

• Master File Table Analysis
• Deleted file data recovery

tl;dr - Volatility + Corrupted file analysis
Full solution of Easy Husky challenge from ISITDTU Quals 2019.