Jul 2019
22 Mon
23 Tue
24 Wed
25 Thu
26 Fri 10:00 AM – 04:35 PM IST
27 Sat 10:00 AM – 06:35 AM IST
28 Sun 10:00 AM – 03:00 PM IST
Make a submission
Accepting submissions till 28 Jul 2019, 11:00 PM
For Developers with various fields of interest and matching atmosphere, MEC.conf is an opportunity for growing one’s network and getting to know the latest in the world of development.
We are here to build a developer community that pervades all of engineering and sciences, for that we are providing a platform to enrich delegates with knowledge from experienced innovators and developers. Providing a broader perspective on various engineering challenges that can be solved by implementing the developer mentality.
AK
Abhiram Kumar
@abhiramkumar
Memory Forensics - A CTF Approach
Submitted Jun 28, 2019
🕵️ Security
🗺️ Open Data
🚀 DevOps
This session gives a brief introduction to volatile memory analysis using the open source tool “volatility”.
Key takeaways:
- Start playing CTFs which is best way to get into cyber security.
- Understanding how memory forensics works & fundamentals of memory dump analysis.
- Learning the fundamentals of using the tool volatility and its various plugins.
- Interested people can also start contributing to this tool.
Outline
This session will start from the very fundamentals:
- Why, What and How of Memory Forensics.
- Introduction to Volatility & it’s plugins.
- Elaborate discussion on various important plugins and the evidence they provide.
- Live Demo of solving a CTF challenge and an elaborate discussion on collected memory evidence.
Requirements
The participants need to have the following installed in their computers:
- Ubuntu 16.04/18.04 LTS with Windows 7 64-bit in Virtualbox.
- Python 2.x & python 3.x
- Volatility 2.6 (APT Install). Visit this for more details.
- Ghex (apt install)
- DumpIt.exe installed in Windows VM.
Allocate around 1GB of RAM for the virtual machine and please enable Virtualbox Guest Additions so that data transfer between Guest & Host is possible.
Speaker bio
Hi! I am Abhiram Kumar. I am a 3rd year UG student pursuing my B.Tech in CSE at Amrita University, Amritapuri. I am a member of Team bi0s, CTF team from Amrita University. I have been focusing on Volatile Memory Analysis and Cyber Forensics for the last 3 years. I also have experience in conducting a workshop on Cyber Forensics at the VIDYUT Multi-Fest. I am also a member in the Core Organising team of InCTF & InCTF Junior.
I, along with a few members of my team authored the DFRWS IoT Challenge 2018-19 paper and got selected in the Top 5 submissions: https://github.com/dfrws/dfrws2018-challenge/tree/master/challenge-submissions/bi0s-amritapuri
Links
- Link to Twitter profile: https://twitter.com/_abhiramkumar
- Link to LinkedIn profile: https://linkedin.com/in/abhiram-kumar-90026214a/
- Link to technical blog: https://volatilevirus.home.blog/about/
- Link to GitHub profile: https://github.com/stuxnet999
- Link to the PPT of the WorkShop that I conducted as part of the VIDYUT Multi Fest 2019, Amrita Vishwa Vidyapeetham: https://tinyurl.com/yxsypv22
{{ gettext('Login to leave a comment') }}
{{ gettext('Post a comment…') }}{{ errorMsg }}
{{ gettext('No comments posted yet') }}