tryhackme

  • TryHackMe – Volatility Walk-Through

    This will only cover Task 10 – Practical Investigations.

    Question 1: What is the build version of the host machine in Case 001? In the above screenshot look at NTBuildLab. Answer: 2600.xpsp.080413-2111

    Question 2: At what time was the memory file acquired in Case 001? Also, in the previous screenshot look at SystemTime. Answer: 2012-07-22
