Memory Analysis Lab

This lab is part of a series of lab exercises designed through a grant initiative by the Center for Systems Security and Information Assurance (CSSIA) and the Network Development Group (NDG) and funded by the National Science Foundation’s (NSF) Advanced Technological Education (ATE) program, Department of Undergraduate Education (DUE) Award No. 0702872 and 1002746.

By the end of this lab, students will utilize various methods to determine if an attacker attempted a breach or successfully compromised a system. Some information about the attacker, such as his IP address, may be lost if the machine is shut down. For this reason, an investigator collects volatile data before shutting down a system.

This lab includes the following tasks:

Task 1 – Obtaining a dump of physical memory using DumpIt
Task 2 – Attacking the victim system with Armitage
Task 3 – Using Volatility to determine remote connections


Learning Partner
Infosec Learning
Infosec Learning provides businesses, colleges, governments, and K-12 school districts a feature rich information technology training and skill assessment service via an advanced, cloud based, virtual machine powered platform, capable of significant customization with unlimited scale and growth potential.