[grrcon] GrrCon 2017 DFIR write up - Level 1: #GrrCon 2017 #DFIR #CTF challenge. Several host images and memory dumps need to be analysed and investigated. Submit IOCs as you progress...

[ctf] GrrCon 2016 DFIR Write up - Part 3: Level 3, Question 16) What is the maldoc md5hash? Start by using FILESCAN and searching for documents (.rtf, .doc, .docx etc.)... [email protected]:~# python volatility/vol.py -f /mnt/hgfs/Shared/Part3/ecorpwin7-e73257c4.

[grrcon] GrrCon 2016 DFIR Write up - Part 2: Level 2, Question 5) What is the password the malware used to enable remote access to the system? From the community Volatility section, download and call the 'editbox' plugin. Also, I didn't know,

[forensics] GrrCon 2016 DFIR Write up - Part 1: CTF HOMEPAGE https://ir.e-corp.biz/home To start off, get Volatility or a prebuilt VM like SANS SIFT Workstation; they've recommended using the provided Security Onion image. Also, check out the community