Memory Forensics - A CTF Approach
This session gives a brief introduction to volatile memory analysis using the open source tool “volatility”.
- Start playing CTFs which is best way to get into cyber security.
- Understanding how memory forensics works & fundamentals of memory dump analysis.
- Learning the fundamentals of using the tool volatility and its various plugins.
- Interested people can also start contributing to this tool.
This session will start from the very fundamentals:
- Why, What and How of Memory Forensics.
- Introduction to Volatility & it’s plugins.
- Elaborate discussion on various important plugins and the evidence they provide.
- Live Demo of solving a CTF challenge and an elaborate discussion on collected memory evidence.
The participants need to have the following installed in their computers:
- Ubuntu 16.04/18.04 LTS with Windows 7 64-bit in Virtualbox.
- Python 2.x & python 3.x
- Volatility 2.6 (APT Install). Visit this for more details.
- Ghex (apt install)
- DumpIt.exe installed in Windows VM.
Allocate around 1GB of RAM for the virtual machine and please enable Virtualbox Guest Additions so that data transfer between Guest & Host is possible.
Hi! I am Abhiram Kumar. I am a 3rd year UG student pursuing my B.Tech in CSE at Amrita University, Amritapuri. I am a member of Team bi0s, CTF team from Amrita University. I have been focusing on Volatile Memory Analysis and Cyber Forensics for the last 3 years. I also have experience in conducting a workshop on Cyber Forensics at the VIDYUT Multi-Fest. I am also a member in the Core Organising team of InCTF & InCTF Junior.
I, along with a few members of my team authored the DFRWS IoT Challenge 2018-19 paper and got selected in the Top 5 submissions: https://github.com/dfrws/dfrws2018-challenge/tree/master/challenge-submissions/bi0s-amritapuri