Reverse engineering, Windows internals, x86 magic, low level programming, and everything else I feel like writing about.

CrySyS SecChallenge 2020: The memories I treasure

Can you find and extract some rogue and dark information in my memory? You might want to use the Pensieve at Hogwarts.

Download the image from this link: <memory.raw>

Categories

Forensics, Volatility

Solution

Apparently this one wasn’t meant to be this easy:

$ strings memory.raw | grep cd20{
cd20{Th15_m1ght_n0t_h4v3_w0rk3d_w1th_th3_m3m0r135_0f_G1ld3r0y_L0ckh4rt}
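The same search as an added Python example (not part of the original write-up), extended beyond the one-liner to also catch UTF-16LE copies of the flag, which plain `strings` skips, and to read the image in chunks so a hit that straddles a chunk boundary is not lost. The names `scan_stream` and `constructed_sample`, the printable-body character class and the 200-character limit are assumptions made for this example.

```python
import io
import re
import sys

# Flag format cd20{...} is from the write-up; the printable-body class and
# 200-character limit are assumptions made for this example.
BODY = rb"[\x20-\x7c\x7e]"  # printable ASCII except '}'
ASCII_FLAG = re.compile(rb"cd20\{" + BODY + rb"{1,200}\}")
# UTF-16LE form: each character is followed by a NUL byte, so plain
# `strings` (without -e l) would not print it.
UTF16_FLAG = re.compile(rb"c\x00d\x002\x000\x00\{\x00(?:" + BODY + rb"\x00){1,200}\}\x00")
OVERLAP = 512  # longer than the longest possible match (412 bytes)


def scan_stream(stream, chunk_size=1 << 20):
    """Return the set of flags in a binary stream, read chunk by chunk."""
    found, tail = set(), b""
    while chunk := stream.read(chunk_size):
        window = tail + chunk  # previous tail kept so boundary-straddling hits survive
        found.update(m.group().decode("ascii") for m in ASCII_FLAG.finditer(window))
        found.update(m.group().decode("utf-16-le") for m in UTF16_FLAG.finditer(window))
        tail = window[-OVERLAP:]
    return found


def constructed_sample():
    """Constructed stand-in for a memory image: padding plus one flag per encoding."""
    pad = b"\x00\xff" * 100
    return (pad + b"cd20{c0nstruct3d_4sc11}" + pad
            + "cd20{c0nstruct3d_w1d3}".encode("utf-16-le") + pad)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Path to a raw image, e.g. memory.raw from the challenge
        with open(sys.argv[1], "rb") as image:
            hits = scan_stream(image)
    else:
        hits = scan_stream(io.BytesIO(constructed_sample()))
    for flag in sorted(hits):
        print(flag)
```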