Memlabs

Last updated 1 year ago

Pre-requisites

  • Get your Linux machine ready (preferred).

  • Make sure the Volatility framework is either installed or cloned from GitHub.

Some basic pointers that are common for all the labs

  • Always start with what you know and investigate from there. If you randomly run plugins, everything will look suspicious.

  • Create a separate folder for each lab and download that lab's files into it. Also, create an output directory inside each lab directory so that dumped files from the plugins land there rather than next to the memory image.

I'll be using Volatility 2 for the labs. You can try with Volatility 3 too.
Lab files: GitHub - stuxnet999/MemLabs: Educational, CTF-styled labs for individuals interested in Memory Forensics