The document outlines a lab final report by Syed Muneeb, detailing tasks performed using the Volatility framework to analyze a memory dump. It includes commands for extracting Windows information, file scans for passwords and users, process trees, and DLL lists, as well as logs from applications, system events, and security events. Additionally, it mentions findings related to registry hives and deleted items in cache.

Name: Syed Muneeb

RollNo: 2130-0007

Lab final DF

Task 1:

1. Windows info:

python3 vol.py -f /home/kali/Documents/MemoryDump_Lab2.raw windows.info

This shows information about the Windows image the memory dump was taken from.

2. file scan passwords:

python3 vol.py -f /home/kali/Documents/MemoryDump_Lab2.raw windows.filescan | grep -i password

3. File scan users

python3 vol.py -f /home/kali/Documents/MemoryDump_Lab2.raw windows.filescan | grep -i user

4. File scan picture

python3 vol.py -f /home/kali/Documents/MemoryDump_Lab2.raw windows.filescan | grep -i picture

5. Pstree:

python3 vol.py -f /home/kali/Documents/MemoryDump_Lab2.raw windows.pstree

Lists the process tree (each process under its parent).

6. dlllist:

python3 vol.py -f /home/kali/Documents/MemoryDump_Lab2.raw windows.dlllist

Lists the DLLs loaded by each process.
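As an added example (not part of the lab report), the following Python code parses the text that the windows.filescan and windows.pstree plugins above print, instead of piping it through grep. It works offline on constructed sample output: the filescan sample assumes the tab-separated Offset/Name/Size layout of Volatility 3, and the pstree sample assumes the leading "*" depth markers that the Volatility 3 CLI prints before the PID; the file paths and PIDs are made up for the demonstration.

```python
"""Parse Volatility 3 filescan / pstree text output (constructed samples, not real dump data)."""
import re
from typing import Dict, List, Tuple

# Constructed sample of `windows.filescan` output: banner, progress line, header, then rows.
FILESCAN_SAMPLE = """Volatility 3 Framework 2.5.0
Progress:  100.00\t\tPDB scanning finished
Offset\tName\tSize

0x3e03a0c0\t\\Users\\Muneeb\\Documents\\passwords.txt\t0x80
0x3e0b5f20\t\\Windows\\System32\\config\\SAM\t0x80
0x3e11c8a0\t\\Users\\Muneeb\\Pictures\\vacation.jpg\t0x80
0x3e1f0010\t\\Windows\\System32\\ntdll.dll\t0x80
"""

# Constructed sample of `windows.pstree` output: '*' depth markers precede the PID column.
PSTREE_SAMPLE = """PID\tPPID\tImageFileName\tOffset(V)\tThreads
4\t0\tSystem\t0x8000\t100
* 348\t4\tsmss.exe\t0x8100\t2
** 452\t348\tcsrss.exe\t0x8200\t10
** 520\t348\twinlogon.exe\t0x8300\t3
*** 604\t520\texplorer.exe\t0x8400\t40
**** 1812\t604\tcmd.exe\t0x8500\t1
"""


def parse_filescan(text: str) -> List[Tuple[int, str, int]]:
    """Return (offset, path, size) tuples, skipping banner, progress and header lines."""
    rows = []
    for line in text.splitlines():
        parts = line.split("\t")
        # Data rows start with a hex offset; anything else is banner or header text.
        if len(parts) < 3 or not parts[0].startswith("0x"):
            continue
        rows.append((int(parts[0], 16), parts[1], int(parts[2], 0)))
    return rows


def filescan_grep(text: str, keyword: str) -> List[str]:
    """Case-insensitive substring match on the path column, like `| grep -i keyword`."""
    kw = keyword.lower()
    return [path for _, path, _ in parse_filescan(text) if kw in path.lower()]


def parse_pstree(text: str) -> Dict[int, dict]:
    """Map PID -> {'ppid', 'name', 'depth'}; depth is the number of leading '*' markers."""
    procs: Dict[int, dict] = {}
    for line in text.splitlines():
        m = re.match(r"^(\**)\s*(\d+)\t(\d+)\t([^\t]+)", line)
        if not m:  # header line or blank line
            continue
        stars, pid, ppid, name = m.groups()
        procs[int(pid)] = {"ppid": int(ppid), "name": name, "depth": len(stars)}
    return procs


def ancestry(procs: Dict[int, dict], pid: int) -> List[str]:
    """Walk PPID links from pid up to the root and return the chain of image names."""
    chain: List[str] = []
    seen = set()
    while pid in procs and pid not in seen:  # `seen` guards against cyclic PPID data
        seen.add(pid)
        chain.append(procs[pid]["name"])
        pid = procs[pid]["ppid"]
    return chain


if __name__ == "__main__":
    print(filescan_grep(FILESCAN_SAMPLE, "password"))
    tree = parse_pstree(PSTREE_SAMPLE)
    print(" <- ".join(ancestry(tree, 1812)))
```

Parsing the output into records rather than grepping it lets you ask structural questions of the dump, such as which chain of parents spawned a given process, which a plain keyword filter on the pstree text cannot answer.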

Task 2:

Application:

Logs generated by applications running on the system.

Event id: 1003

Description: The Software Protection service has completed licensing status check.

Application Id=0ff1ce15-a989-479d-af46-f275c6370663

Licensing Status=

1: d450596f-894d-49e0-966a-fd39ed4c4c64, 1, 1 [(0 [0xC004E003, 0, 0], [( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)( 1 0x00000000)(?)( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 30 0)( 1 0x00000000)( 6 0xC004F009 30 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F056)])]

Event id: 1003

Description: The Software Protection service has completed licensing status check.

Application Id=55c92734-d682-4d71-983e-d6ec3f16059f

Licensing Status=

1: 2de67392-b7a7-462a-b1ca-108dd189f588, 1, 1 [(0 [0xC004E003, 0, 0], [( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)( 1 0x00000000)(?)( 2 0xC004F056 0 0 msft:rm/algorithm/volume/1.0 0x00000000 0)(?)(?)(?)(?)])(1 )(2 )(3 [0x00000000, 0, 0], [( 6 0xC004F009 0 0)( 1 0x00000000)( 6 0xC004F009 0 0)(?)(?)(?)( 10 0x00000000 msft:rm/algorithm/flags/1.0)( 11 0x00000000 0xC004F056)])]

System:

Logs generated by the system when an event such as connecting media occurs.

Event id: 0

Description:

Detected unrecognized USB driver (\Driver\USBPcap).

Event id: 10000

Description:

Unable to start a DCOM Server: {3C296D07-90AE-4FAC-86F9-65EAA8B82D22}. The error:
"2147942402"
Happened while starting this command:
C:\WINDOWS\system32\SppExtComObj.exe -Embedding

Security:

Logs generated when an event such as a logon, logoff or enumeration occurs.

Event id: 4798

Description: A user's local group membership was enumerated.

Event id: 4624

Description: An account was successfully logged on.
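As an added example (not part of the lab report), the following Python code parses Windows event records in the XML form that event log tooling exports and groups them by the channel (Application, System, Security) and event id used in Task 2. The four records are constructed for the demonstration: their timestamps, user name and ordering are made up, while the channel names, event ids and provider names follow the real Windows schema, and the descriptions are the ones given for each event id above.

```python
"""Parse Windows Event XML records and tally them per channel (constructed samples)."""
import xml.etree.ElementTree as ET
from collections import Counter
from typing import Dict, List

# Namespace of the Windows Event XML schema.
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Descriptions for the (channel, event id) pairs examined in Task 2.
KNOWN_EVENTS = {
    ("Application", 1003): "The Software Protection service has completed licensing status check.",
    ("System", 10000): "Unable to start a DCOM Server.",
    ("Security", 4798): "A user's local group membership was enumerated.",
    ("Security", 4624): "An account was successfully logged on.",
}

# Constructed sample records (timestamps, user name and DCOM CLSID are placeholders).
SAMPLE_RECORDS: List[str] = [
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
    '<Provider Name="Microsoft-Windows-Security-SPP"/><EventID>1003</EventID>'
    '<TimeCreated SystemTime="2024-01-10T09:00:00.000Z"/><Channel>Application</Channel>'
    '</System><EventData><Data>0ff1ce15-a989-479d-af46-f275c6370663</Data></EventData></Event>',
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
    '<Provider Name="Microsoft-Windows-DistributedCOM"/><EventID>10000</EventID>'
    '<TimeCreated SystemTime="2024-01-10T09:01:00.000Z"/><Channel>System</Channel>'
    '</System><EventData><Data>{3C296D07-90AE-4FAC-86F9-65EAA8B82D22}</Data>'
    '<Data>2147942402</Data></EventData></Event>',
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
    '<Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4798</EventID>'
    '<TimeCreated SystemTime="2024-01-10T09:02:00.000Z"/><Channel>Security</Channel>'
    '</System><EventData><Data Name="TargetUserName">Muneeb</Data></EventData></Event>',
    '<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>'
    '<Provider Name="Microsoft-Windows-Security-Auditing"/><EventID>4624</EventID>'
    '<TimeCreated SystemTime="2024-01-10T09:03:00.000Z"/><Channel>Security</Channel>'
    '</System><EventData><Data Name="TargetUserName">Muneeb</Data></EventData></Event>',
]


def parse_record(xml_text: str) -> dict:
    """Extract channel, event id, provider, time and EventData fields from one record."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    event_id = int(system.findtext("e:EventID", namespaces=NS))
    channel = system.findtext("e:Channel", namespaces=NS)
    provider = system.find("e:Provider", NS).get("Name")
    time_created = system.find("e:TimeCreated", NS).get("SystemTime")
    # Named <Data> elements keep their name; unnamed ones are numbered param1, param2, ...
    data = {}
    for i, d in enumerate(root.findall("e:EventData/e:Data", NS), start=1):
        data[d.get("Name") or f"param{i}"] = d.text
    return {
        "channel": channel,
        "event_id": event_id,
        "provider": provider,
        "time": time_created,
        "data": data,
        "description": KNOWN_EVENTS.get((channel, event_id), "unknown event id"),
    }


def summarize(records: List[str]) -> Dict[str, Counter]:
    """Tally event ids per channel, e.g. {'Security': Counter({4798: 1, 4624: 1})}."""
    per_channel: Dict[str, Counter] = {}
    for rec in map(parse_record, records):
        per_channel.setdefault(rec["channel"], Counter())[rec["event_id"]] += 1
    return per_channel


if __name__ == "__main__":
    for rec in map(parse_record, SAMPLE_RECORDS):
        print(rec["time"], rec["channel"], rec["event_id"], rec["description"])
    print(summarize(SAMPLE_RECORDS))
```

Keeping the channel in the key matters because event ids are only unique within a channel; the same number can mean different things in Application and Security logs.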

Task 3:

Registry hive: SOFTWARE

2 deleted items were found in the cache.


Security:

System:
