BlackHat MEA CTF 2023 — Forensic (Not Supported)
Introduction
This article is a write-up of how I solved the forensics challenge in BlackHat MEA CTF 2023. I personally enjoyed this challenge because it was straightforward yet tricky, and worth solving; hence, I thought of writing up the story.
The challenge in the Forensic category was called “Not Supported”. The organizers provided an archive file containing a raw memory image, and below was the problem statement.
Let’s get started.
The archive contained a .mem image, and anyone who has seen one knows that this calls for memory forensics. I have personally used the Volatility Framework on multiple cases; hence, I thought of starting with it.
What is Volatility Framework?
Volatility is an advanced memory forensics framework that is a completely open collection of tools, implemented in Python under the GNU General Public License, for the extraction of digital artifacts from volatile memory (RAM) samples. The extraction techniques are performed completely independent of the system being investigated but offer visibility into the runtime state of the system. The framework is intended to…