When investigating a cyber incident, a system's memory is one of the most volatile and revealing sources of evidence. Memory forensics helps uncover valuable information about what was happening on a machine at a specific time, such as running processes, open files, network connections, credentials, and more.
In this room, we will continue our investigation of the attack on the TryHatMe company and look at the footprints that the adversary left behind in the memory of the machine. It is suspected that the adversary got access to the server via lateral movement.
Prerequisites
To understand the concepts and technicalities covered in this room, it is expected that the user is well-versed with Volatility and has covered the following rooms:
Learning Objectives
In this room, we will examine the footprints of the adversary's actions in the compromised server. Some of the key topics that we will cover are:
- Overview of the Linux and Windows memory layout.
- Learn how to utilize Volatility to investigate memory.
- Learn how to investigate the running processes and network connections and identify the odd ones.
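As an added illustration of the last objective (spotting odd processes), here is a small baseline check written for this page; it is not part of the room or of Volatility itself. It assumes a whitespace-separated process listing in the style of Volatility 3's `windows.pslist` output, where the first three columns are PID, PPID and ImageFileName, and it compares each core Windows process against its expected parent. The sample listing is constructed for illustration, not taken from a real memory image.

```python
"""Flag core Windows processes whose parent does not match the known-good baseline.

Added example for this page, not code from the room or from Volatility. It assumes
a whitespace-separated listing (PID, PPID, ImageFileName, ...) such as the one
Volatility 3's `windows.pslist` prints; the sample below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Expected parent for core Windows processes. A child under a different parent is
# worth a closer look (masquerading names, injected launchers); it is a lead, not proof.
EXPECTED_PARENT = {
    "smss.exe": {"System"},
    "csrss.exe": {"smss.exe"},
    "wininit.exe": {"smss.exe"},
    "winlogon.exe": {"smss.exe"},
    "services.exe": {"wininit.exe"},
    "lsass.exe": {"wininit.exe"},
    "svchost.exe": {"services.exe"},
}


@dataclass
class Proc:
    pid: int
    ppid: int
    name: str


def parse_pslist(text: str) -> list[Proc]:
    """Parse pslist-style rows; header, blank and malformed lines are skipped."""
    procs = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].isdigit() or not parts[1].isdigit():
            continue
        procs.append(Proc(int(parts[0]), int(parts[1]), parts[2]))
    return procs


def find_odd_processes(procs: list[Proc]) -> list[str]:
    """Return one finding per baseline process whose parent is not the expected one.

    A missing parent is normal when the expected parent is smss.exe: the session
    smss.exe instance exits after spawning csrss.exe and wininit.exe, so its PID is
    often absent from the listing. Other missing parents are reported.
    """
    by_pid = {p.pid: p for p in procs}
    findings = []
    for p in procs:
        expected = EXPECTED_PARENT.get(p.name)
        if expected is None:
            continue  # not a baseline process; nothing to compare against
        parent = by_pid.get(p.ppid)
        if parent is None:
            if "smss.exe" in expected:
                continue  # known transient parent, see docstring
            parent_name = "<not in listing>"
        else:
            parent_name = parent.name
        if parent_name not in expected:
            findings.append(
                f"{p.name} (PID {p.pid}) has parent {parent_name} (PPID {p.ppid}); "
                f"expected {sorted(expected)}"
            )
    return findings


# Constructed sample in the layout of `windows.pslist`; offsets and times are placeholders.
SAMPLE_PSLIST = """\
PID\tPPID\tImageFileName\tOffset(V)\tThreads\tHandles\tSessionId\tWow64\tCreateTime
4\t0\tSystem\t0x0\t84\t535\tN/A\tFalse\t2024-01-01 09:00:00
332\t4\tsmss.exe\t0x0\t2\t29\tN/A\tFalse\t2024-01-01 09:00:01
420\t412\tcsrss.exe\t0x0\t9\t420\t0\tFalse\t2024-01-01 09:00:02
468\t412\twininit.exe\t0x0\t3\t80\t0\tFalse\t2024-01-01 09:00:02
556\t468\tservices.exe\t0x0\t7\t210\t0\tFalse\t2024-01-01 09:00:03
564\t468\tlsass.exe\t0x0\t8\t600\t0\tFalse\t2024-01-01 09:00:03
680\t556\tsvchost.exe\t0x0\t12\t400\t0\tFalse\t2024-01-01 09:00:04
2244\t2100\texplorer.exe\t0x0\t30\t900\t1\tFalse\t2024-01-01 09:01:00
1340\t2244\tsvchost.exe\t0x0\t2\t50\t1\tFalse\t2024-01-01 09:05:00
1500\t2244\tlsass.exe\t0x0\t1\t20\t1\tFalse\t2024-01-01 09:05:10
"""


def sample_findings() -> list[str]:
    """Run the check over the constructed sample."""
    return find_odd_processes(parse_pslist(SAMPLE_PSLIST))


if __name__ == "__main__":
    for finding in sample_findings():
        print(finding)
```

On the constructed sample the check reports the two user-session children of `explorer.exe` that carry system-process names (`svchost.exe` PID 1340 and `lsass.exe` PID 1500), while the legitimate instances and the csrss.exe/wininit.exe rows with an exited smss.exe parent pass quietly. Pair the parent check with the image path and the network connections of each flagged PID before drawing conclusions.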
Let's dive in.