Black Hat MEA 2022 - Qualifier - MEM

Challenge Description

Difficulty: Medium
Points: 250
Category: DFIR

Walkthrough

We are given a memory dump and asked to recover a password from it. I used Volatility to analyse the memory dump.

The first step was to find more information about the memory dump:

    vol.py -f mem.raw imageinfo

Find the list of running processes:

    vol.py -f mem.raw --profile=Win7SP1x64 pslist

vol....

October 4, 2022 · 2 min · Rizal