TryHackme’s Advent of Cyber 2023 — Day 19 Writeup
TryHackMe — Memory Forensics [ CrypTOYminers Sing: Volala-lala-latility! ]
Learning Objectives
- Understand what memory forensics is and how to use it in a digital forensics investigation
- Understand what volatile data and memory dumps are
- Learn about Volatility and how it can be used to analyse a memory dump
- Learn about Volatility profiles
Understanding Memory Forensics
Memory forensics, also referred to as volatile memory analysis or random access memory (RAM) forensics, is a key branch of digital forensics. It involves the careful examination and analysis of a computer’s volatile memory (RAM) to uncover digital evidence and artifacts associated with computer security incidents, cybercrimes, and other forensic investigations.
Unlike hard disk forensics, which enables the recovery and study of every file on the disk, memory forensics concentrates on the programs and data that were active at the moment the memory dump was taken. This data is inherently volatile: it is lost as soon as the computer is powered down, which is why capturing a memory dump early in an investigation matters.
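To make the idea of "artifacts that exist only in RAM" concrete, here is a small added example (not part of the original writeup, and not Volatility code) that triages a raw memory image the way a first pass over a dump often starts before a framework is brought in: it carves printable strings, pulls out IPv4 addresses, locates the DOS/PE magic of executables mapped in memory, and flags strings that match a few assumed indicator keywords. The byte buffer `SAMPLE_DUMP`, the keyword list `SUSPICIOUS_MARKERS` and every path and address in it are constructed for the demonstration.

```python
import re

# Constructed sample "raw memory dump" (synthetic, not a real RAM image):
# a few ASCII artifacts of the kind that survive only in memory (a process
# command line, an ICMP helper string, a loaded executable's header) buried
# in non-printable filler bytes.
SAMPLE_DUMP = (
    b"\x00\x10\x7f\xe3" * 8
    + b"/usr/bin/python3 /tmp/miner.py --pool pool.example.invalid:3333\x00"
    + bytes(range(0x80, 0x100)) + b"\x00" * 8
    + b"PING 10.0.0.5\x00\x00\x01\x02"
    + b"MZ\x90\x00" + b"\xff" * 16  # DOS/PE magic of an image mapped in memory
    + b"/tmp/.x/kthreadd -o 203.0.113.7:4444 -u wallet_placeholder\x00"
    + b"\x00" * 32
)

# Assumed indicator keywords for this example; a real investigation would use
# its own threat-intel derived list.
SUSPICIOUS_MARKERS = ("/tmp/", "miner", "pool", "wallet")

# Dotted-quad matcher; the look-arounds stop "1.2.3.45" from yielding "1.2.3.4".
IPV4_RE = re.compile(rb"(?<!\d)(?:\d{1,3}\.){3}\d{1,3}(?!\d)")
PE_MAGIC_RE = re.compile(rb"MZ\x90\x00")


def carve_strings(dump: bytes, min_len: int = 6) -> list:
    """Return every run of at least min_len printable ASCII bytes, in order."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.group().decode("ascii") for m in re.finditer(pattern, dump)]


def find_ipv4(dump: bytes) -> list:
    """Return unique IPv4-looking strings in order of first appearance."""
    seen, found = set(), []
    for m in IPV4_RE.finditer(dump):
        addr = m.group().decode("ascii")
        if addr not in seen:
            seen.add(addr)
            found.append(addr)
    return found


def find_pe_headers(dump: bytes) -> list:
    """Return offsets where a DOS/PE header magic appears (candidate mapped images)."""
    return [m.start() for m in PE_MAGIC_RE.finditer(dump)]


def triage(dump: bytes) -> dict:
    """Combine the carvers into one summary a responder can eyeball."""
    strings = carve_strings(dump)
    suspicious = [
        s for s in strings
        if any(marker in s.lower() for marker in SUSPICIOUS_MARKERS)
    ]
    return {
        "strings": strings,
        "ipv4": find_ipv4(dump),
        "pe_offsets": find_pe_headers(dump),
        "suspicious": suspicious,
    }


if __name__ == "__main__":
    summary = triage(SAMPLE_DUMP)
    for key, value in summary.items():
        print(f"{key}: {value}")
```

The same functions run unchanged on a real image read with `open(path, "rb").read()`; the point of the example is that the command line, the remote address and the unpacked executable header are exactly the kind of evidence that has no on-disk counterpart once the machine is powered off.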