Memory Analysis Lab

Infosec Learning
Virtual Lab


Time: 1 hour 30 minutes
Difficulty: Intermediate

Overview

This lab is part of a series of lab exercises designed through a grant initiative by the Center for Systems Security and Information Assurance (CSSIA) and the Network Development Group (NDG) and funded by the National Science Foundation’s (NSF) Advanced Technological Education (ATE) program Department of Undergraduate Education (DUE) Award No. 0702872 and 1002746.

By the end of this lab, students will use various methods to determine whether an attacker attempted a breach or successfully compromised a system. Some information about the attacker, such as the attacker's IP address, may be lost if the machine is shut down. For this reason, an investigator collects volatile data before shutting down a system.

This lab includes the following tasks:

Task 1 – Obtaining a dump of physical memory using DumpIt
Task 2 – Attacking the victim system with Armitage
Task 3 – Using Volatility to determine remote connections