This session gives a brief introduction to volatile memory analysis using the open source tool “volatility”.
Key takeaways:

• Start playing CTFs which is best way to get into cyber security.
• Understanding how memory forensics works & fundamentals of memory dump analysis.
• Learning the fundamentals of using the tool volatility and its various plugins.
• Interested people can also start contributing to this tool.

Outline

This session will start from the very fundamentals:

• Why, What and How of Memory Forensics.
• Introduction to Volatility & it’s plugins.
• Elaborate discussion on various important plugins and the evidence they provide.
• Live Demo of solving a CTF challenge and an elaborate discussion on collected memory evidence.

Requirements

The participants need to have the following installed in their computers:

• Ubuntu 16.04/18.04 LTS with Windows 7 64-bit in Virtualbox.
• Python 2.x & python 3.x
• Volatility 2.6 (APT Install). Visit this for more details.
• Ghex (apt install)
• DumpIt.exe installed in Windows VM.

Allocate around 1GB of RAM for the virtual machine and please enable Virtualbox Guest Additions so that data transfer between Guest & Host is possible.

Speaker bio

Hi! I am Abhiram Kumar. I am a 3^rd year UG student pursuing my B.Tech in CSE at Amrita University, Amritapuri. I am a member of Team bi0s, CTF team from Amrita University. I have been focusing on Volatile Memory Analysis and Cyber Forensics for the last 3 years. I also have experience in conducting a workshop on Cyber Forensics at the VIDYUT Multi-Fest. I am also a member in the Core Organising team of InCTF & InCTF Junior.
I, along with a few members of my team authored the DFRWS IoT Challenge 2018-19 paper and got selected in the Top 5 submissions: https://github.com/dfrws/dfrws2018-challenge/tree/master/challenge-submissions/bi0s-amritapuri

Links

• Link to Twitter profile: https://twitter.com/_abhiramkumar
• Link to LinkedIn profile: https://linkedin.com/in/abhiram-kumar-90026214a/
• Link to technical blog: https://volatilevirus.home.blog/about/
• Link to GitHub profile: https://github.com/stuxnet999
• Link to the PPT of the WorkShop that I conducted as part of the VIDYUT Multi Fest 2019, Amrita Vishwa Vidyapeetham: https://tinyurl.com/yxsypv22