October 2017
Kaspersky CTF – help (Forensic 500)
October 14, 2017
We were given a memory dump. First we get the image info to identify the image type: it is Windows 7 x64. As usual, we check the running processes for suspicious ones. There are only two suspects: 'KeePass.exe' and 'cmd.exe'. The first interested me more, so the obvious next step is to look for a '.kdbx' or '.kdb' (KeePass database) file; I scanned the file list to get a starting point.
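The file-object scan above locates databases by name; a complementary check a practitioner would run on the same dump is a signature carve for the KeePass header itself, which also catches copies that were mapped into memory without a cached file name. The following is an added example and not code from the original write-up: it scans a constructed in-memory "dump" (embedded inline) for the KeePass magic bytes, tells KDB 1.x apart from KDBX, reads the KDBX file version, and, for KDBX 3.x, walks the plaintext TLV header to recover the transform-rounds count (the key-derivation cost you need to know before attempting any offline cracking). The signature and header-field constants are the documented KeePass format values; the sample dump, its offsets and the 60000-round value are constructed for the example.

```python
import struct

# KeePass magic values (first two little-endian uint32 words of every KDB/KDBX file).
SIG1 = 0x9AA2D903
SIG2_KINDS = {
    0xB54BFB65: "KDB 1.x",
    0xB54BFB66: "KDBX (pre-release)",
    0xB54BFB67: "KDBX 2.x and later",
}
# KDBX 3.x outer-header field IDs used below (1-byte id, 2-byte LE size, data).
HDR_END = 0
HDR_TRANSFORM_ROUNDS = 6


def parse_kdbx3_header(dump: bytes, pos: int):
    """Walk KDBX 3.x header fields starting at pos (just after the 12-byte signature/version).
    Returns (transform_rounds or None, bytes consumed). Stops at EndOfHeader or truncation."""
    rounds = None
    off = pos
    while off + 3 <= len(dump):
        fid = dump[off]
        size = struct.unpack_from("<H", dump, off + 1)[0]
        if off + 3 + size > len(dump):      # header runs past the end of the dump
            break
        data = dump[off + 3: off + 3 + size]
        off += 3 + size
        if fid == HDR_TRANSFORM_ROUNDS and size == 8:
            rounds = struct.unpack("<Q", data)[0]
        if fid == HDR_END:
            break
    return rounds, off - pos


def find_keepass_headers(dump: bytes):
    """Carve every KeePass database header from a raw memory image.
    A hit needs both signature words; a lone SIG1 is treated as a false positive."""
    hits = []
    needle = struct.pack("<I", SIG1)
    pos = dump.find(needle)
    while pos != -1:
        if pos + 12 <= len(dump):
            sig2, ver = struct.unpack_from("<II", dump, pos + 4)
            kind = SIG2_KINDS.get(sig2)
            if kind is not None:
                hit = {"offset": pos, "kind": kind}
                if sig2 == 0xB54BFB67:
                    # KDBX: uint32 version, major in the high 16 bits, minor in the low 16.
                    hit["version"] = f"{ver >> 16}.{ver & 0xFFFF}"
                    if ver >> 16 == 3:
                        rounds, _ = parse_kdbx3_header(dump, pos + 12)
                        hit["transform_rounds"] = rounds
                # KDB 1.x keeps flags at offset 8, not a version, so nothing more to read here.
                hits.append(hit)
        pos = dump.find(needle, pos + 1)
    return hits


def build_sample_dump() -> bytes:
    """Constructed stand-in for a memory image: deterministic filler around a KDBX 3.1 header,
    a decoy that matches SIG1 only, and a KDB 1.x header (values are made up for the example)."""
    filler = bytes(range(256)) * 8                                   # 2048 bytes
    kdbx31 = struct.pack("<III", SIG1, 0xB54BFB67, 0x00030001)        # KDBX, version 3.1
    kdbx31 += bytes([HDR_TRANSFORM_ROUNDS]) + struct.pack("<H", 8) + struct.pack("<Q", 60000)
    kdbx31 += bytes([HDR_END]) + struct.pack("<H", 4) + b"\r\n\r\n"
    decoy = struct.pack("<II", SIG1, 0x11111111)                     # must be ignored
    kdb1 = struct.pack("<II", SIG1, 0xB54BFB65) + b"\x00" * 116      # KDB 1.x header stub
    return filler + kdbx31 + filler + decoy + filler + kdb1 + filler


if __name__ == "__main__":
    for h in find_keepass_headers(build_sample_dump()):
        print(h)
```

On a real image, point `find_keepass_headers` at the raw dump bytes and use the reported offsets to carve the following bytes out for closer inspection; the body after the header is still encrypted, so the carve gives you the location and the KDF cost, not the secrets.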