BlackHat MEA CTF 2022 — Forensic (Mem)

Ashish Dhone
6 min read · Oct 3, 2022

Introduction

This article is a write-up of how I solved the forensics challenge in BlackHat MEA CTF 2022. I personally enjoyed this challenge, as it was a bit tricky and worth solving, hence I thought of writing it up as a story.

We had “Mem” as a challenge in the Forensic category, for which they provided an archive file containing a raw image; below was the problem statement.

Let’s get started.

I had a raw image, and everyone out there knows that means performing memory forensics on it. I have personally used the Volatility Framework on multiple cases, hence I thought of starting with it.

What is Volatility Framework?

Volatility is an advanced memory forensics framework: a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independently of the system being investigated, yet offer visibility into the runtime state of that system. The framework is intended to introduce people to the techniques and…
