Memory Forensics Assignment 3
Memory Forensics Assignment
Objectives:
- Working with a memory dump
- Using the volatility tool to analyze the memory data
- Identify the use and output for different plugins
- Identify suspicious activity in the memory dump
- Extract memory regions and note signs of malicious behavior
In this assignment, you will be given a memory dataset that has security issues, i.e. it is infected. You have to analyze the data and answer the following questions:
| # | Question | Answer | Points |
|---|----------|--------|--------|
| 1 | Dataset profile? | | 2 |
| 2 | Number of all processes - Number of active processes | | 2 |
| 3 | The parent of lsass.exe? | | 2 |
| 4 | The parent of services.exe? | | 2 |
| 5 | Issue of services.exe and its children | | 2 |
| 6 | PID 680 uses port? | | 2 |
| 7 | PID 1928 uses port? | | 2 |
| 8 | Number of DLLs of PID 680 _______, and for PID 1928 _______ | | 2 |
| 9 | In PIDs 680, 868, 1928, there is malicious behavior in the regions of PID/s _________________? | | 2 |
| 10 | The protection of explorer.exe is PAGE__________? | | 2 |
| 11 | The MZ signature is found in memory regions of processes named _______________? | | 5 |
| 12 | Using the plugin procdump, number of files generated with errors _____________? | | 5 |
| 13 | List 3 Mutants with names ending with _MUTEX | | 5 |
| 14 | Bonus: Name what infected the dataset? | | 10 |
Guidelines:
For the assignment above, you need to consider the following:
1. To be done individually.
2. Use the Parrot Linux virtual machine for the assignment.
3. Download the data inside the virtual machine.
4. The file is password protected.
   a. Password: malware
5. Be careful when specifying path information for the input file.
6. Submitting after the deadline will result in 10% of the points off for each additional day, up to 30%.
   a. After that, the assignment may not be accepted and a grade of ZERO is given.
Video "Memory Forensics Assignment 3" by PHP и командная разработка
Information
December 1, 2023, 20:27:20
00:00:26