Ir 3

This assignment requires students to analyze two memory samples using Volatility to find evidence of malicious activity. For each sample, students must use Volatility plugins like imageinfo to gather metadata and examine running processes, network connections, and any suspicious processes in detail. Findings for each sample must be documented in an individual forensic analysis report with screenshots and concluding remarks based on evidence from the memory analysis. The report should have a clear structure, formatting, and be divided into separate sections for each sample.

Uploaded by sawda.shoshi29

Assignment 3: Memory Forensic Analysis (30%)
DUE: Friday 16 DECEMBER 2022

INTRODUCTION
This assignment will assess your ability to apply the theoretical knowledge
discussed in the lectures and preceding labs to the analysis of memory samples.
You will analyse two memory samples, which are progressively more difficult.

The objective is NOT simply to arrive at the solution but to demonstrate that
you understand both how to use Volatility to analyse an unknown memory sample
and what Volatility is returning.

THIS ASSIGNMENT IS TO BE COMPLETED INDIVIDUALLY

TASK(S)
In both samples you are to find the evil! Begin by getting information about
the image (the imageinfo plugin in Volatility 2, which also suggests the profile
you must pass with --profile to every later plugin; Volatility 3 uses
windows.info instead and needs no profile). Examine the running processes
(pslist, pstree) and the network connections (netscan on Vista and later,
connections/connscan on XP and 2003). Identify suspicious processes and look at
them in more detail: determine which processes are unusual, follow the
artefacts they own (dlls, handles, network sockets) and summarise your findings.
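The checks an analyst applies to pslist and netscan output before drilling into a process are mechanical enough to script. The example below is added here and is not part of the assignment or of Volatility: it parses the text layout of Volatility 2's pslist and netscan plugins (column order is assumed from that renderer), flags processes whose parent is wrong for a core Windows process, duplicated singletons such as a second lsass.exe, names one edit away from a system process (scvhost.exe, svch0st.exe), and then joins netscan rows back onto pslist so that connections owned by a flagged process, or by a PID that pslist does not list at all, stand out. The pslist and netscan text embedded in the block is constructed, not output from either sample.

```python
"""Triage of Volatility 2 pslist and netscan text output.  Added example, not
from the assignment or Volatility; the embedded plugin output is constructed."""
import re

# Expected parent of core Windows processes (Vista and later), lower-cased.
EXPECTED_PARENT = {
    "smss.exe": "system", "csrss.exe": "smss.exe", "wininit.exe": "smss.exe",
    "winlogon.exe": "smss.exe", "services.exe": "wininit.exe",
    "lsass.exe": "wininit.exe", "svchost.exe": "services.exe",
    "explorer.exe": "userinit.exe",
}
# Parents that exit after spawning, so their absence from pslist is normal.
TRANSIENT_PARENTS = {"smss.exe", "userinit.exe"}
# Processes of which exactly one instance should exist.
SINGLETONS = {"system", "wininit.exe", "services.exe", "lsass.exe"}
KNOWN_NAMES = set(EXPECTED_PARENT) | {"system", "userinit.exe"}

# Assumed column layout of Volatility 2's text renderer: offset, name, pid, ppid
# for pslist; offset, proto, local, foreign, [state], pid, owner for netscan.
PSLIST_RE = re.compile(r"^0x[0-9a-fA-F]+\s+(\S+)\s+(\d+)\s+(\d+)\s")
NETSCAN_RE = re.compile(
    r"^0x[0-9a-fA-F]+\s+(TCPv[46]|UDPv[46])\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s+(\S+)")

# Constructed pslist output (not a real sample).
PSLIST = """\
Offset(V)  Name                    PID   PPID   Thds     Hnds   Sess  Wow64 Start
---------- -------------------- ------ ------ ------ -------- ------ ------ ------------------------------
0x823c89c8 System                    4      0     53      240 ------      0
0x822f1020 smss.exe                368      4      3       19 ------      0 2012-01-01 00:00:01 UTC+0000
0x81e2a3b8 wininit.exe             608    368      3       76      0      0 2012-01-01 00:00:03 UTC+0000
0x81e0cda0 services.exe            652    608     16      248      0      0 2012-01-01 00:00:04 UTC+0000
0x81e0ddc8 lsass.exe               664    608     20      412      0      0 2012-01-01 00:00:04 UTC+0000
0x81e07020 svchost.exe             852    652     17      202      0      0 2012-01-01 00:00:05 UTC+0000
0x81f2a8a0 explorer.exe           1520   1488     24      598      1      0 2012-01-01 00:01:10 UTC+0000
0x81e9f3e8 svchost.exe            1812   1520      2       48      1      0 2012-01-01 00:07:42 UTC+0000
0x81ee8770 lsass.exe              1900   1812      1       22      1      0 2012-01-01 00:07:43 UTC+0000
0x81f4c020 scvhost.exe            2004   1900      3       61      1      0 2012-01-01 00:07:50 UTC+0000
"""
# Constructed netscan output (not a real sample).
NETSCAN = """\
Offset(P)  Proto    Local Address          Foreign Address      State        Pid   Owner
0x3e0a0128 TCPv4    0.0.0.0:135            0.0.0.0:0            LISTENING    852   svchost.exe
0x3e2c4e10 TCPv4    192.168.56.101:49201   198.51.100.7:4444    ESTABLISHED  2004  scvhost.exe
0x3e3d5f00 TCPv4    192.168.56.101:49205   203.0.113.9:8080     ESTABLISHED  2188  winupdate.exe
"""


def parse_pslist(text):
    """Map pid -> {"name", "ppid"}; header and separator lines do not match."""
    procs = {}
    for m in (PSLIST_RE.match(line) for line in text.splitlines()):
        if m:
            procs[int(m.group(2))] = {"name": m.group(1), "ppid": int(m.group(3))}
    return procs


def parse_netscan(text):
    """List of connection dicts; the state column is optional (UDP rows lack it)."""
    conns = []
    for m in (NETSCAN_RE.match(line) for line in text.splitlines()):
        if m:
            proto, local, foreign, state, pid, owner = m.groups()
            conns.append({"proto": proto, "local": local, "foreign": foreign,
                          "state": state or "", "pid": int(pid), "owner": owner})
    return conns


def near_miss(a, b):
    """True when a differs from b by exactly one substitution, insertion,
    deletion or adjacent transposition (svch0st.exe, scvhost.exe, lsasss.exe)."""
    if a == b:
        return False
    if len(a) == len(b):
        d = [i for i in range(len(a)) if a[i] != b[i]]
        return len(d) == 1 or (len(d) == 2 and d[1] == d[0] + 1
                               and a[d[0]] == b[d[1]] and a[d[1]] == b[d[0]])
    if abs(len(a) - len(b)) == 1:
        short, longer = sorted((a, b), key=len)
        return any(longer[:i] + longer[i + 1:] == short for i in range(len(longer)))
    return False


def triage(procs, conns):
    """Sorted (pid, finding) pairs: wrong or missing parent, duplicated singleton,
    look-alike name, and connections owned by a flagged or unlisted pid."""
    findings, count = [], {}
    for p in procs.values():
        count[p["name"].lower()] = count.get(p["name"].lower(), 0) + 1
    for pid, p in procs.items():
        name, parent = p["name"].lower(), procs.get(p["ppid"])
        expected = EXPECTED_PARENT.get(name)
        if expected and parent is None and expected not in TRANSIENT_PARENTS:
            findings.append((pid, f"{p['name']}: parent pid {p['ppid']} absent from pslist"))
        elif expected and parent and parent["name"].lower() != expected:
            findings.append((pid, f"{p['name']}: parent is {parent['name']} "
                                  f"({p['ppid']}), expected {expected}"))
        if name in SINGLETONS and count[name] > 1:
            findings.append((pid, f"{p['name']}: {count[name]} instances, expected one"))
        if name not in KNOWN_NAMES:
            for known in sorted(KNOWN_NAMES):
                if near_miss(name, known):
                    findings.append((pid, f"{p['name']}: name is one edit from {known}"))
                    break
    flagged = {pid for pid, _ in findings}
    for c in conns:  # a socket owned by a pid that pslist lacks points at a hidden process
        where = f"{c['proto']} {c['local']} -> {c['foreign']} {c['state']}".strip()
        if c["pid"] not in procs:
            findings.append((c["pid"], f"{c['owner']}: owns {where} but is absent "
                                       "from pslist (hidden or exited process)"))
        elif c["pid"] in flagged:
            findings.append((c["pid"], f"{c['owner']}: already flagged and owns {where}"))
    return sorted(findings)


if __name__ == "__main__":
    for pid, finding in triage(parse_pslist(PSLIST), parse_netscan(NETSCAN)):
        print(f"{pid:>5}  {finding}")
```

Feed it the saved text of `vol.py --profile=<profile from imageinfo> -f <image> pslist` and `netscan`; every finding it prints is a lead to verify with pstree, dlllist and handles, not a conclusion, and a process that passes these checks is not thereby clean. Volatility 3's windows.pslist and windows.netscan emit tab-separated columns in a different order, so the two regular expressions would need adjusting for that version.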

A sample write-up

A sample write-up is available here: https://medium.com/@melanijan93/write-up-memory-forensics-in-the-def-con-dfir-ctf-c2b50ed62c6b

Sample 1

This is a difficult task as you do not know anything about the sample. Malware
is suspected in this sample. Find it, identify it, determine the level of
infection.

Sample 2

This sample is from a machine that has been behaving oddly. The user of this
system is not very technical and is known to use poor passwords. It is suspected
the machine may be compromised. Investigate the sample.

Document your findings in the report and include supporting screenshots.

You must write a forensic analysis report on your findings with accompanying
screenshots (with your student ID or name clearly visible) demonstrating your
use of the tools. Please see the report samples from the previous assignment if
you are having difficulty with this. Divide the report into two independent
sections, one for each sample.

This report should be well organised and sequenced logically with a clear aim
and scope. You are expected to develop conclusions from this activity and
provide concluding remarks on the evidence gathered. Do NOT speculate.

Your report should use a 12pt font, single line spacing and justified text, and
be of professional quality (consistent formatting, logical headings,
referencing and citation, etc.).
